Startups - All

Start-Up Applications - All

Last update :- 29th April, 2008
16820 items listed

Introduction

This page presents a searchable, comprehensive list of the programs you may find that run when you switch on your PC as typically identified by MSCONFIG or the registry "Run" keys - and whether you need them.

Close Program/Task Manager

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.

Operating System Differences

A number of entries are repeated due to the way that different operating systems display startup items. For example, WinMe lists "POPROXY.EXE" as "Norton eMail Protect" in both MSCONFIG and the registry whereas WinXP lists it as "Poproxy" in MSCONFIG and "Noeton eMail Protect" in the registry.

To avoid the list becoming too large, all VIRUSES are shown using the registry version which is common to all Windows versions.

Random startup entry/filename viruses

There are viruses and other pests that can add any number of different entries to the startups. They make additional entries under the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\ Run and RunOnce keys, allowing them to run at startup. In all cases below, %system% is a variable - by default this is C:\Windows\System (Win9x/Me), C:\Winnt\System32 (WinNT/2K), or C:\Windows\System32 (WinXP):

PE_BISTRO - adds "XXXX"="C:\WINDOWS\XXXX.EXE" - where XXXX is the randomly chosen filename of the dropped file
MAGISTR.A - adds "[Virus file name]"="[Virus Path and file name].EXE"
BUGBEAR.A or BUGBEAR.C or BUGBEAR.E - adds ""=%System%\"[random filename].EXE"
OPTIXPRO.11 - adds "%Registry entry%"="%Path%\%Filename%"
Lop.com homepage hijacker - adds multiple and random startup entries
FreeScratchAndWin - adds multiple and random startup entries as it includes LOP above
nCase (or n-Case) parasite - adds multiple and random startup entries
LORAC - adds "[four random characters]"="%Sysdir%\abcdef.exe"
MOSUCK - random name and filename in C:\Windows or C:\Winnt
DEBORMS.D - adds one of a number of valid Name/Startup Item entries but points to the path of the worm file dropped
GIBE.C - adds random name and filename in C:\Windows or C:\Winnt
SWEN.A - adds random name and filename
ZOMBAM.B - adds random name and filename
WANADO or REUR - adds "XXXXXXXX"="%Sysdir%\XXXXXXXX.exe" where X can be any random hexadecimal (0-9, A-F) number
SINCOM - adds random name and filename in C:\Windows or C:\Winnt with "Run:Auto" appended to the command/data column entry
SOBER family - adds "[random string]"="%system%\[random filename.exe]"
BRANCOS.C - adds "win_[4 random characters][4 random numbers 0-9]"="%System%\SYS_386X\[4 random characters][4 random numbers 0-9].exe"
IRC.BOT.B - adds random name and filename
COREFLOO-C - adds "[random filename]"="rundll32 %SYSTEM% [random filename].dll,Init 1"
[random digits].exe = [random digits].exe - 8 random digits, example: 77231997.exe = 77231997.exe. Winpup.exe adult content downloader
DRAGONQQ - "[Trojan's filename]"="[Path to the Trojan]", "[Random name]"="C:\WINNT\[Random name].exe", "[Random name]"="C:\Program Files\[Random name].exe" or "[Random name]"="C:\WINDOWS\[Random name].exe"
FORMADOR - adds "[executed file name]"="%System%\[executed file name].exe"
NETTRASH - adds "[file name]"="[path to filename].exe"
OPTIXPRO.13B - adds "[registry value name]"="[path to trojan].exe"
MYDOOM.F or MYDOOM.G or MYDOOM.H - adds "[4 to 8 random, lowercase letters]"="[worm filename]"
ANNIL - adds random name and filename
ANTINNY.G and ANTINNY.K - adds "[random name]"="[path to worm]"
KILLAV.D - adds "[Trojan filename]"="%Windir%\[Trojan file name]" where %Windir% is C:\Windows or C:\Winnt
MYPOO - adds "[value name]"="[Trojan file name]" where [value name] is configurable
BLACKMAL or BLACKMAL.B - adds "[random_file_name1].exe"="%System%\[random_file_name1].exe"
ERKEX.A - adds "[random_file_name]"="%System%\[random_file_name].exe"
OPASA - adds "[random_file_name]"="%System%\[random_file_name].exe"
GAOBOT.ADN - adds random name and filename
ADWAHECK - adds "[trojan name]"="%System%\[trojan filename]"
GOBOT.A - adds random name and filename in C:\Windows or C:\Winnt
Sandboxer adware - adds random name and filename
AGENT.B - adds "[1-5 random characters]"="RUNDLL32 %System%\[DLL filename].dll,StreamingDeviceSetup"
EXRUNTEL - adds "[original filename]"="%System%\[original filename]"
Margoc adware - adds random name and filename
Winpup adware - adds random name and filename in %System%
KETCH - adds "[word]"="%System%\[word][number].exe"
DARBY.B - adds "[random worm filename]"="%System%\[random worm filename]"
VUNDO - adds "*[trojan name]"="[trojan path]"
BEAKER.A - adds "[5 random lower-case char]"="[5 random lower-case char].exe" in the System, system32, Temp and Fonts sub-directories of %Windir%
LIFEFORENOW - adds "[random filename]"="%System%\[random filename].exe"
DIMI - adds "[random value name]"="%System%\[random filename].exe"
ABEBOT - adds "[random service name]"="[random filename].exe -services"
OMEGA - adds "[random value]" = "%Windir%\[random file name].exe"
NAMSHARE - adds "[Random service name]" = "[Random file name]"
REANET.B - adds "[file name]" = "[path to file name]"
BANCOS.Q - adds "[filename prefix]" = "[path to filename]"
SPYBOTER.GEN - adds "[key name]" = "[file name of Trojan]"
BOTUK - adds "[random characters]Srv32" = "[random characters]srv.exe"
MADTOL-A - adds "[trojan filename]" = "%System%\[trojan filename]"
HESIVE - adds "[trojan filename]" = "[path to trojan]"

Spyware/Adware/Malware/Foistware & Hijackers

Check CastleCops for information about these types of program. They have very active forums. You may also want to try SpywareInfo for their forums and a list of startup program managers

o-----------------------------o

This search works with IE4+, NS4 and Mozilla/NS7+ but not NS6. Alternatively use your browsers search facility - Ctrl+F for IE users.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required or not recommended - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Name/Startup Item	Command	Comments
X		system32.exe	Added by the AGOBOT-KU WORM! Note - has a blank entry under the Startup Item/Name field
X		pathex.exe	Added by the MKMOOSE-A WORM! Note - has a blank entry under the Startup Item/Name field
X		svchost.exe	Added by the DELF-UX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
X		MSPF.EXE	Added by a variant of the SDBOT WORM! This file is located in the Winnt or Windows folder. Note - has a blank entry under the Startup Item/Name field
X		dllvirtual.exe	Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
X		dllvirtual.dll	Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
X		dllvirtual.js	Added by the DADOBRA-IW TROJAN! Note - has a blank entry under the Startup Item/Name field
X		ajsha5.exe	Added by the SPYBOT-NX WORM! Note - has a blank entry under the Startup Item/Name field
X		ne.exe	Added by the IRCBOT-ZL TROJAN!
X	SystemBoot	services.exe	Added by the SOBER-Q TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a HelpHelp subfolder of the Windows or Winnt folder
X	WinCheck	services.exe	Added by the SOBER-S WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "ConnectionStatusMicrosoft" subfolder of the Windows or Winnt folder
X	Windows	services.exe	Added by the SOBER.X WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "WinSecurity" subfolder of the Windows or Winnt folder
X	WinStart	services.exe	Added by the SOBER.O WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a Connection WizardStatus subfolder of the Windows or Winnt folder
X	winsystem.sys	smss.exe	Added by the SOBER.K TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a msagentwin32 subfolder of the Winnt or Windows folder
Y	!1_pgaccount	pgaccount.exe	DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks. You will see one instant of pgaccount.exe for every active account on your system, and this is essential for PG to work properly
Y	!1_ProcessGuard_Startup	procguard.exe	DiamondCS ProcessGuard security software - stops malicious worms and trojans from being executed silently in the background, as well as a variety of other attacks
U	!AVG Anti-Spyware	avgas.exe	Part of AVG Anti-Spyware from Grisoft
U	!ewido	ewido.exe	Part of Ewido anti-spyware
N	!NoLoad	winrecon.exe	WinRecon keystroke logger/monitoring program - remove unless you installed it yourself!
?	$EnterNet	Enternet.exe	Connection manager for the EnterNet ISP. You can also use RASPPOE
X	$sys$cmp	$sys$xp.exe	Added by the RYKNOS.B TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X	$sys$crash	$sys$sonyTimer.exe	Added by the WELOMOCH TROJAN!
X	$sys$crash	$sys$sos$sys$.exe	Added by the WELOMOCH TROJAN!
X	$sys$crash	$sys$WeLoveMcCOL.exe	Added by the WELOMOCH TROJAN!
X	$sys$drv	$sys$drv.exe	Added by the RYKNOS TROJAN! Attempts to utilize the Sony Rootkit A.K.A. SecurityRisk.First4DRM security risk to hide itself on the compromised computer
X	$sys$momomomochin	$sys$sonyTimer.exe	Added by the WELOMOCH TROJAN!
X	$sys$momomomochin	$sys$sos$sys$.exe	Added by the WELOMOCH TROJAN!
X	$sys$momomomochin	$sys$WeLoveMcCOL.exe	Added by the WELOMOCH TROJAN!
X	$sys$umaiyo	$sys$sonyTimer.exe	Added by the WELOMOCH TROJAN!
X	$sys$umaiyo	$sys$sos$sys$.exe	Added by the WELOMOCH TROJAN!
X	$sys$umaiyo	$sys$WeLoveMcCOL.exe	Added by the WELOMOCH TROJAN!
U	$Volumouse$	volumouse.exe	Volumouse from Nirsoft. "Provides you a quick and easy way to control the sound volume on your system - simply by rolling the wheel of your wheel mouse"
X	$WindowsRegKey%update	IEXPLORE.EXE	Added by the RBOT-EZ WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
N	%cmpmixtitle%	%cmpmixstr%	Possibly related to C-Media Mixer Control panel?
N	%FP%012-L2TP fts.exe	fts.exe	012.Net.il Israeli ISP software front-end
U	%FP%012-L2TP FWPortal.exe	FWPortal.exe	012.Net.il Israeli ISP dial-up software
N	%FP%1776 Internet fts.exe	fts.exe	1776 Internet US ISP software ISP software front-end
U	%FP%1776 Internet FWPortal.exe	FWPortal.exe	1776 Internet US ISP dial-up software
N	%FP%AIRTEL fts.exe	fts.exe	Bharti Airtel Broadband - Indian ISP software front-end
N	%FP%Barak013 fts.exe	fts.exe	Barak013 Israeli ISP software front-end
U	%FP%Barak013 FWPortal.exe	FWPortal.exe	Barak013 Israeli ISP dial-up software
N	%FP%Friendly fts.exe	fts.exe	Friendly ISP software front-end
X	(*)API Machine	winSOCKS.exe	Homepage hijacker, see here (* = any digit)
X	(*)Run	win32API.exe	Homepage hijacker, see here (* = any digit)
X	(default)	[random filename].exe	Added by the BLACKMAL WORM! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
X	(default)	rundll32.exe [path to DLL file], Do98Work	Added by the HESIVE.B TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	(Default)	5640.exe	Added by the DOWNLD-ABF TROJAN!
X	(L4r1$$4) (4nt1) (V1ruz)	SP00Lsv32.pif	Added by the ASSIRAL.B WORM!
X	*Bandook	msdll.exe	Added by an unidentified TROJAN - see here
X	*JanisRuckenbrodII	janis.com	Added by the POPS WORM!
X	*Microsoft Update	ctxma.exe	Added by the STMU TROJAN!
X	*Microsoft Update	cxma.exe	Added by the STMU TROJAN!
X	*Microsoft Update	wstcl.exe	Added by the STMU TROJAN!
X	*Microsoft Update	wucxt.exe	Added by the STMU TROJAN!
X	*Microsoft Update	wuytc.exe	Added by the STMU TROJAN!
X	*MS Setup	[random filename]	Virtumondo adware, also known as the VUNDO TROJAN!
X	*MSConfig32	aecache.exe	Detected by F-secure as the OBFUSCATED.GP TROJAN!
X	*Security Center	secctr.exe	Added by the SDBOT.BRO WORM!
Y	*StateMgr	statemgr.exe	Windows ME default for System Restore. Do NOT disable!
X	*windows update	wrauclt.exe	Added by the RBOT-QU WORM!
X	*windows update	wuanclt.exe	Added by the RBOT-PG WORM!
X	*windows update	wuaucrlt.exe	Added by the SPYBOT.HUR WORM!
X	*windows update	wuraclt.exe	Added by the RBOT-PO WORM!
X	*windows update	wurauclt.exe	Added by the RBOT-SY WORM!
X	*windows update	wsctl.exe	Added by the SPYBOT.PR WORM!
X	*windows update	wkmst.exe	Added by the SDBOT.AVD WORM!
X	*windows update	wscxt.exe	Added by the RBOT.AOS WORM!
X	*windows update	waurclt.exe	Added by a variant of the RBOT WORM!
X	*Windows [filename] Checker	[filename]	Added by the KEDEBE-B WORM!
X	*WindowsAudio	systemupd.exe	Added by the AGENT-TH WORM!
X	*WinLogon	[trojan path] ren time:[random number]	Added by the VUNDO TROJAN!
X	*winstats	winstats.exe	Added by the GARGAFX TROJAN!
X	*wuauclt.exe	w***.exe [ = random char]	Added by a variant of the RBOT-UG WORM! Note - * in the filename represents a random char; variants spotted: wxmct.exe, wtmsv.exe, wxmst.exe, wmsvc.exe and so on...
X	,main drive Loader	wininfo.exe	Suspected malware as it appears in 3 different registry locations - see here
X	-=+(L4r1$$4)+=-(4nt1)-=+(V1ru$)=-+	ISASS.exe	Added by the ASSIRAL.B WORM!
Y	-FreedomNeedsReboot	ZkRunOnceR.exe	Internet Security Suite used by ISPs to protect customers against many attacks
X	..	ABC2007.exe	Added by the DLOADR-ASH TROJAN!
X	.mscdr	lassa.exe	Added by the WEBUS.C TROJAN!
X	.mscdr	lsvchost.exe	Added by the WEBUS.D TROJAN!
X	.mscdsr	lsvchost.exe	Added by the CR TROJAN!
X	.mscsbl	svhost.exe	Added by the CMQ TROJAN!
X	.msfupdate	msveup.exe	Added by the ALLOCUP.A WORM!
X	.mssecure	mssecure.exe	Added by the DDOS_BOXED.X TROJAN!
?	.NET config	sysmon32.exe	??
X	.NET.	msnmgnr.exe	Added by the DELF.AYF WORM!
X	.norton	rchost.exe	Added by the BOXED-H TROJAN!
X	.nvsvc	smss.exe	Added by the IRCBOT-FP TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
X	.nvsvcb	smssb.exe	Added by the BOXED.CG TROJAN!
X	.Prog	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	.Prog	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	.protected	N/A	Smitfraud variant
X	.svchost	CSRSS.EXE	Added by the WEBUS.F TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X	.TEXTCONV	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	.TEXTCONV	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X	.WMAudio	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	.WMAudio	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
N	/l:eng	N/A	Related to the Dell OEM version of the Sound Blaster Audigy 2 sound card. If this item is listed and checked in startup, the System32 Folder will appear on every startup. A patch is available - filename R75304.EXE - that fixes the issue. You can find that file at support.dell.com by typing that name in the 'Search' box available there. It addresses the root of the problem in Creative's software and corrects it. Unfortunately there is no direct link to the file, but it's easily available using the search function
U	000	pit.exe	PrivateEye surveillance software. Uninstall this software unless you put it there yourself
X	000hpdllhos	hpdllhost.exe	LZIO.com adware downloader
U	000StTHK	000StTHK.exe	Toshiba Hot key functionality for the function keys (Fn-Esc, Fn-F1 (lock), Fn-F2, Fn-F3, Fn-F4, Fn-F5 (switching between laptop and CRT display output), etc...)
X	0050726-007-i32-1	0050726-007-i32-1.exe	Added by the BANCBAN-EC TROJAN!
?	00DSKSVR00	desksaver.exe	Related to Advanced Desktop Shield
?	00DSKSVR01	desksaver.exe	Related to Advanced Desktop Shield
Y	00PCTFW	FirewallGUI.exe	PC Tools Firewall Plus - "powerful free personal firewall for Windows that protects your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network"
Y	00TCrdMain	TCrdMain.exe	Related to the flash card slot on a Toshiba laptop. Ending this process will disable access to the flash cards
U	00THotkey	00THotKey.exe	For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev.
U	00THotkey	system32THotkey.exe	For Toshiba Satellite notebook series to use the front buttons, play, stop, next, prev
U	0190 Warner	WARN0190.EXE	Anti-dialer program (Germany)
U	0900 Warner	WARN0900.EXE	Anti-dialer program (Germany)
X	0mcamcap	0mcamcap.exe	Added by the COSIAM-H TROJAN!
X	0utlook Express	****.exe [ = random char]	Added by the RBOT-CC WORM! Note the first letter is actually the digit "0" and not a capital "o"
X	1	1.exe	Added by the ESTEEMS TROJAN!
X	1	lsass.scr	Added by the BANCOS.V TROJAN!
X	1	svchost.scr	Added by the BANCOS.X TROJAN!
N	1&1 EasyLogin	EasyLogin.exe	1&1 EasyLogin - quick access to webhost 1&1's Control Panel, Web-Mail and other applications via the System Tray
X	1029BB4B-16A9-4E77-AA3D-96930BD68EEC	sysockeu.exe	Detected by McAfee as the FAKEALERT-AH TROJAN! See here
X	1111swapmgr.exe	1111swapmgr.exe	Added by the IC TROJAN!
X	123456	rundll32.exe shell32.dll, Control_RunDLL ...123456.cpl	Added by the KITRO.C (or DANDI.A) WORM! 123456 can be any random 3 to 6 digit number
U	12Ghosts Backup	12backup.exe	12Ghosts Backup - "Automatic Backups, HyperBackup for Multiple Versions, Registry Backup"
U	12Ghosts Clip	12clip.exe	12Ghosts Clip - "Screen shots made easy"
U	12Ghosts JustAWindow	12window.exe	12Ghosts JustAWindow - "Cover annoying ads, animated gifs, things you don't want to see"
U	12Ghosts Popup-Killer	12popup.exe	12Ghosts Popup-Killer
U	12Ghosts SaveLayout	12autosl.exe	12Ghosts SaveLayout - "Always (always!) keep the layout of your desktop icons"
U	12Ghosts SetColor	12color.exe	12Ghosts SetColor - "Change your desktop icon text colors, also to transparent"
U	12Ghosts ShowTime	12showtime.exe	12Ghosts Showtime - "Enhance the clock in your tray with font formatting, colors, date, time zones"
U	12Ghosts Synchronize	12sync.exe	12Ghosts Synchronize - "Sync PC clock with an atomic clock over the Internet"
U	12Ghosts Tower	12tower.exe	12Ghosts Tower - "Quickly access and manage all Ghosts (included in all packages)"
U	12Ghosts TrayProtect	12srvc.exe	12Ghosts TrayProtect - "Hide tray icons, restore after a crash"
U	12Ghosts Wash	12wash.exe	12Ghosts Wash - "Protect your privacy, clear browser history, delete and overwrite cache files"
?	17779Proj2002	N/A	??
X	180adsolution	180adsolution.exe	NCase adware
X	180ax	180ax.exe	NCase adware
X	180ClientStubInstall	stubinstaller***.exe [ = digit]	180Solutions adware related
X	180ClientStubInstall	[path to trojan]	180Solutions adware related
X	180ClientStubInstall	*****.tmp [ = random digit/char]	180Solutions adware related
X	1916435341.exe	1916435341.exe	Added by the DLOADR-AXU TROJAN!
X	196_150_ni	196_150_ni.exe	WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
X	197_150_ni_3	197_150_ni_3.exe	WinFixer web installer. Winfixer is "Foistware", pretending to be system optimization, protection and recovery software - stealth installed, see here
N	1:	hpdrv.exe	HP utility for monitoring when and how many recoveries have been done
N	1A:MacVisionTrayMonitor	TrayMonitor.exe	Comes with the MacVision program for monitoring tray icons (Note : program is by Stardock)
Y	1A:Stardock MCP	mcpserver.exe	Master Control Program for Stardock apps, in development. People should leave it running if they're using any of the Stardock applications
Y	1A:Stardock TrayMonitor	TrayServer.exe	For monitoring tray icons - if disabled icons will not be displayed in ObjectBar or DesktopX
?	1CmailS	NETMAIL.EXE	??
X	1on1	1on1.exe	Adult content dialler
U	1Srv32	SpyAgent4.exe	SpyTech SpyAgent monitoring software. "Spy software that allows you to monitor EVERYTHING users do on your PC."
X	1u7	1u7.exe	Added by the MURBAC-A TROJAN!
U	1Win32Cfg	SpyBuddy.exe	SpyBuddy keystroke logger/monitoring program - remove unless you installed it yourself!
U	1Win32Cfg	Keyloggerpro.exe	Keyloggerpro keystroke logger/monitoring program - remove unless you installed it yourself!
X	1WinCfg32	WebMailSpy.exe	WebMailSpy spyware
X	2020Downloader	mssvr.exe	2020Search Toolbar
X	2177F056-0AA6-4D6C-A944-13F71F341C29	sysokuaw.exe	Detected by McAfee as the FAKEALERT-AH TROJAN! See here
U	24Online Client	CyberoamClient.exe	Related to Cyberroam from Elitecore Technologies Ltd
X	252	winmgr.exe	Added by the LEGMIR-AT TROJAN!
X	27	slsorve.exe	Added by the SLSORVE-A TROJAN!
X	27	csrss32.exe	Added by the SLSORVE-D TROJAN!
X	27	msm32.exe	Added by the SLSORVE-E TROJAN!
X	2Search	main.exe	2Search adware
X	2thousandbuck	[path to file]	Added by the RANKY.L TROJAN!
U	2wSysTray	2portalmon.exe	2Wire Homeportal user interface
X	32-bit Thunking service	thunk32.exe	Added by the DERDERO.A WORM!
X	333	svchost.exe	Added by the JD-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one is located in a "Syswm1i" directory
X	388529725448	AutomaticUpdates.exe	Added by the SDBOT-DEN WORM!
?	39ELTFH25Z8SKF	Ezg1q5.exe	Seems to be associated with software by Resplendence SP ?
Y	3c1807pd	3cmlink.exe 3cpipe-3c1807pd	3Com WinModem driver. See here for more WinModem information
Y	3capplnk	3capplnk.exe	US Robotics Modem driver
N	3cdminic	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y	3CM Link	3cmcnkw.exe	Required for a US Robotics WinModem as it provides the link to Windows - won't work without it
Y	3Cmlink	3CmlinkW.exe	For a US Robotics WinModem. Provides the link to Windows as the CPU does the processing on WinModems - won't work without it. See here for more WinModem information
N	3ComDMIAgent	3CDMINIC.EXE	3Com DMI (DynamicAccess Desktop Management Interface) Agent associated with 3Com network cards
Y	3cpipe-USRpdA	USRmlnkA.exe	Modem driver files from US Robotics
X	3D Text	3D Text.scr	Added by the JERMY.A WORM!
U	3Deep Control Panel	3DeepCTL.EXE	Now superseeded by ColorWizzard - 3Deep corrected lighting, shading and color for all your 2D and 3D games
X	3Dfx Acc	GFXACC.EXE	Added by the GIBE WORM!
N	3dfx Task Manager	3dfxMan.exe	System Tray application for 3dfx Voodoo 3/4/5 functions. Available via Start -> Programs
Y	3dfx Tools	3dfxCmn.dll	Updates the registry with information that can't be held for Voodoo 3/4/5 series graphics cards. Important for owners of these cards
Y	3dfxv2ps.dll	3dfxv2ps.dll	Updates the registry with info that can't be held for 3dfx Voodoo 2 video cards. Important for owners of these cards
?	3Dlabs Taskbar Display Manager	3DLman.exe	3DLabs graphics driver related. System Tray access to display settings?
U	3DLabsHelperDemon	3dldemon.exe	Directly from the programs author "It is a tiny program that is installed by the Permedia2/3 and probably other Oxygen-series cards. Normally it sits in the background doing nothing at all (sleeping on a semaphore), so it should take zero CPU time and virtually zero memory, since it will all be paged out to the hard drive." In most cases it can be safely disabled
Y	3DMouse.EXE	3DMouse.EXE	Dritek System Inc. 3D Mouse driver
X	3d_sound	3d_sound.exe	Added by the RIADOS-A TROJAN!
U	3qdctl.exe	3qdctl.exe	Provided with Terratec 128i PCI and similar sound cards. Loads a sound profile at bootup, restoring volume and other audio settings to a pre-determined default. Similar to Creative Lab's AudioHQ
Y	3ware 3DM	3dm.exe	Monitors status of the disk array on 3ware IDE RAID controllers
X	456655	explorer.exe	Added by the BIFROSE-DE TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
X	4684735485910	netdll32.exe	Added by the SDBOT-DEV WORM!
X	4da92ad5.exe	4da92ad5.exe	Added by the DLOADR-WZ TROJAN!
U	4oD	KHost.exe	Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
X	4wd!!!	Natal!.pif	Added by the OPASERV.AI WORM!
X	5-1-61-96	members-area.exe	Adult content dialler
X	5-2-46-112	5-2-46-112.exe	Adult content pop-up dialler. Removal instructions here
X	55278	grepclient1.exe	Added by the LINEAGE-S TROJAN!
X	5p4m	[path to trojan]	Added by the LITEBOT-C TROJAN!
X	5whgue21	5whgue21.exe	ClearSearch adware
X	666	Ska.exe	Added by the PIPES TROJAN!
X	678	lsas32.exe	Added by the SLSORVE-B TROJAN!
X	756349DC-6D9E-4F2A-9B24-269661F073C3	sysoghcx.exe	Detected by McAfee as the FAKEALERT-AH TROJAN! See here
X	7f8e	z****.exe 9idf	Detected by NOD32 as the SMALL.ALI TROJAN! Note - it creates a number of extra z****.dll files in the system32 folder
U	802.11b+g USB Wireless LAN Utility	ZDWlan.exe	802.11b+g USB Wireless LAN Utility
U	802.11g Wireless Adatper	Monitor.exe	Related to wireless card (802.11) adapter/standard. System Tray icon that provides a shortcut to "Wireless Connection Status" and allows to turn WL on and off. Supplier unknown. Adapter is miss-spelled
X	852EBF20-A95D-4F1F-B9C2-B2CD24350F3E	sysodkcs.exe	Detected by McAfee as the FAKEALERT-AH TROJAN! See here
X	98D0CE0C16B1	rundll32.exe D0CE0C16B1, D0CE0C16B1	BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	9m	winlog0n.exe	Added by the LEGMIR-AQK TROJAN!
Y	9xadiras	9xadiras.exe	Allied Telesyn AT series router/modem related - apparently required
X	9xHtProtect	AVprotect9x.exe	Added by the NETSKY.M WORM!
X	;Rundll	[filename]	Added by the PWSLEGMIR.E TROJAN!
X	?ekio Startups	?nksvc32.exe	Added by the AGOBOT-OV WORM where ? is a random character
U	?Torrent	utorrent.exe	?Torrent - BitTorrent client for Windows sporting a very small footprint. It was designed to use as little cpu, memory and space as possible while offering all the functionality expected from advanced clients
X	@	regedit -s ..win.dll	Added by the SEEKER.K TROJAN!
N	@Hoc Toolbar	AtHoc.exe	One-click activated browsing toolbar used by various web-sites. See here for more info
N	@loha	reminder.exe	Registration reminder for @loha@home E-mail utility
X	@tour_ww	@tour_ww[1].exe	Adult content dialler
X	a	a.exe	Commercials file that registers itself in the system registry and redirects IE to a certain commercial website
X	a	jesse.exe	Added by the MELO-A WORM!
X	A New Windows Updater	w32NTupdt.exe	Added by the MYTOB.BM WORM!
N	A Note	A Note.exe	"A Note is a program that lets you create post-it like notes on your Microsoft Windows desktop"
U	A Verizon App	VERIZO~1.EXE	Part of Verizon Online Support Manager
U	a-squared	a2guard.exe	a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
Y	a-squared Anti-Dialer	a2adguard.exe	a-sqaured Anti-Dialer
Y	a-winpoet-service	winpppoverethernet.exe	WinPoET is the industry's first Windows-based PPP over Ethernet client. Developed by iVasion, WinPoET is attractive to equipment providers, modem suppliers, RBOCs and ISPs. For more info read here. It uses dial-up networking for new high-speed internet customers who are more familiar with analogue modems. If unchecked in MSCONFIG it reports Error 360 - Hardware Error in dial-up networking
U	A1000 Settings Utility	cpqa1000.exe	Compaq A1000 Print Fax All-in-One copy scan printer software. Required in the Startup in order to scan, print, copy and fax. Only required if you use these features
U	A4Proxy	A4Proxy.exe	Anonymity 4 Proxy - local proxy server that makes you anonymous when visiting web sites
X	A70F6A1D-0195-42a2-934C-D8AC0F7C08EB	rundll32.exe E6F1873B.DLL, D9EBC318C	BrowserAid/BrowserPal foistware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
U	a?	a2guard.exe	a-Squared antitrojan - can be run on demand but necessary in Startup if you prefer the a? 'Background Guard' real time protection feature
?	AAACLEAN	AAACLEAN.INF	??
?	AAAKeyboard	??	??
N	AAATraySaver	TraySaver.exe	System Tray management utility from Mike Lin which allows you to hide, show, restore icons that are lost in an Explorer crash, remove dead tray icons, minimize any window to the System Tray
U	AAK	aak.exe	Advanced Anti-Keylogger - "Anti-spy software to prohibit operation of any keyloggers currently in use or presently being developed anywhere"
U	aaLDISCN32	LDISCN32.EXE	LANDesk? Management Suite software component
U	aaLDTaskCompletion	amclient.EXE	LANDesk? Management Suite software component
X	AAMSFree702	Avengine.com	Added by the DELF.LJ TROJAN!
X	AAMSFree702	sys.exe	Added by the BACKDOOR-CPC TROJAN!
X	Aaou	amee.exe	PurityScan/Clickspring adware
X	Aapp	adprot.exe	AdBlaster adware
?	aauclient	ACNUpdater.exe	Appears to be related to software from Accenture.com
U	AAW	Ad-Aware.exe	Ad-Aware anti-spyware tool from Lavasoft
U	AAWTray	AAWTray.exe	System Tray access to Ad-aware from Lavasoft - popular spyware/adware removal tool
?	ab EazyScheduler	ezsched.exe	??
N	ABBYY Community Agent	CAGENT.EXE	Installed with the Optical Character Recognition (OCR) software that comes bundled with a Compaq A3000 all-in-one printer/scanner. Its function appears to be to link you to the internet in an attempt to buy the 5.0 version of the software
U	ABC	keylogger.exe	Keystroke logger/monitoring program - remove unless you installed it yourself!
X	abcdefgh	abcdefgh.exe	EPJ TROJAN!
U	ABIT uGuru	uGuru.exe	ABIT ?Guru - on motherboards incorporating the ?Guru processor this provides quick access to "hardware monitoring, overclocking, BIOS flashing and audio tweakin
N	ABITEQ	abiteq.exe	Monitoring utility for ABIT Motherboards. Displays system voltages, temperatures and fan speeds
X	Abrada WIN32	abrada.exe	Added by the DERMON-G TROJAN!
U	Absolute Shield	dseraser.exe	Absolute Shield Evidence Eliminator - internet history eraser
U	Absolute StartUp monitor	ASMon.exe	Absolute Startup - startup monitor from F-Group Software
U	AbsoluteShield Internet Eraser	cseraser.exe	AbsoluteShield Internet Eraser - "protects your privacy by cleaning up all the tracks of your Internet and computer activities"
X	ABsr	absr.exe	Added by the AUTOUPDER TROJAN!
X	absr	mwsvm.exe	SeekSeek search hijacker related - see here
X	abtu	mp3serch.exe	Loads the executable for Lop.com. mp3serch.exe is the final version
X	abtu	lopsearch.exe	Loads the executable for Lop.com. lopsearch.exe is the beta version
U	AbyssWebServer	abyssws.exe	Abyss web server
X	Ac97Sound	snddrv.exe	Detected by Sophos as the SILLYFDC-A TROJAN!
U	AcBtnMgr_X63	AcBtnMgr_X63.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	AcBtnMgr_X73	AcBtnMgr_X73.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	AcBtnMgr_X83	AcBtnMgr_X83.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	AcBtnMgr_X84-X85	AcBtnMgr_X84-X85.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	acc	acc.exe	Advanced Call Center - "full-featured yet easy-to-use answering machine software for your voice modem"
X	ACCDEFRAGINFO	[path to worm]	Added by the DARBY-O WORM!
U	Accelerate	accelerate.exe	Webroot Accelerate - allows you to optimize Windows network registry settings in order to boost surfing speeds. Leave this enabled if you find it improves your connection
X	Access Control App	winsto.exe	Detected by Kaspersky as the AGENT.DGO TROJAN! See here
N	Access Ramp Monitor	armon32.exe	Monitors your progress on the internet; hang-ups, connection speeds, internet congestion and traffic flow. It prevents some games from running also. To disable the Access Ramp Monitor (1) Open Windows Explorer (2) Open the Program Files folder (3) Open the MindSpring folder (4) Open the AccessRamp folder (5) Double-click on the ARMCfg32.exe file (6) Uncheck Enable Dialup Monitor and click OK (7) Restart the computer and try again
X	Access WebControl	[path to file]	Added by the PPDOOR-M TROJAN!
U	AccessManager	AccessMgr.exe	Part of SmartPipes SecureSite software. "SecureSite enables rapid turnup and enhanced administration of VPNs. It automates and simplifies tasks for VPN design and policy management, access control management, and key management"
X	AccessMedia P2P Loader	amp2pl.exe	My AccessMedia toolbar related, stealth installed!
U	AccessoriesPlus	clockplus.exe	Clock Plus, part of Accessories Plus allows you to select from dozens of alternatives for the Windows clock
N	AccessRamp Monitor01	ARMon32a.exe	From a visitor "Just wanted to provide you with some info on Access Ramp software installed with Verizon DSL accounts in those areas that use the Winpoet PPPoE software. The Access Ramp TSRs are installed as part of IP Insight software (can't remember the software maker). You can decline to install IP Insight during Winpoet setup, or go into Add/Remove programs uninstall IP Insight by hand if it's already installed. It really doesn't do a darn thing for you. It was intended to help DSL techs monitor QoS, but the backend part was never implemented (at least as of earlier this year). This will not affect the user's ability or inability to access their DSL service."
N	AccessRampLAN01	ARUpld32.exe	Version of the AccessRamp Monitor01 entry for LAN connections - a history uploader. The key in turning it off is a file named ARUCfg32.exe. This file (ARUCfg32.exe) does not show up in the startup process. If you have this file, you can execute it and remove all the monitoring activities it does. Removing all the checks in all the boxes (both tabs) still calls ARUpld32.exe to start when you start the dial up. You can block it from sending info if you have Zone Alarm installed. Renaming the extension of ARUCfg32.exe to ARUCfg32.exe1 works. The ARUpld32.exe is not loaded when launching the dial up client. Written by IP Insight and also included with Earthlink Total Access 2003
U	AcctMgr	AcctMgr.exe	Norton? Password Manager - part of Norton SystemWorks 2004 - stores passwords and other personal information, and retrieves the data needed for email logins, shopping orders, banking, and other online activities - all from the safety of your own PC
N	AccuWeather.com? Desktop	AccuWeatherDesktop.exe	Desktop weather from AccuWeather
X	accwizz.exe	accwizz.exe	Added by the RULAND.A WORM!
X	accwizzz.exe	accwizzz.exe	Added by the RULAND.A WORM!
X	acdllib3	bcdlmem.exe	Added by the MAILBOT-BA TROJAN!
N	ACDSee	ACDSee8Pro.exe	ACDSee 8 photo software. Organize, manage, enhance, and share all your valued photo memories
?	Ace bows	Ace bows.exe	??
N	AceGain LiveUpdate	LiveUpdate.exe	"AceGain LiveUpdate can help to automate and optimize product updates. AceGain LiveUpdate will automatically detect new patch updates, driver updates or full product updates and automatically download and install them according to user configuration"
U	Acer ePower Management	Acer ePower Management.exe	Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
N	Acer ePresentation HPD	ePresentation.exe	Allows you to connect your Acer laptop to a projector
N	Acer Product Registration	ACE1.exe	Acer Product Registration - remove when registration is completed
N	Acer Tour Reminder	Reminder.exe	Popup reminder to take the tour of your new Acer laptop
U	AcerGoto	AcerGoto.exe	Acer Computer "Goto Drive" Cold Swap Driver - a swappable second disk drive provides convenient backup of large files, or easy importation of data from user's previous computer
U	AcerNotebookManager	almxptray.exe	System Tray access on some Acer Notebooks to give faster access to system settings
U	AcerPowerkey	Powerkey.exe	PowerKey utility for Acer TravelMate notebook PCs. Allows the user to quickly switch between different power schemes by pressing Fn+F3
X	Acess2007a	access2007a.exe	Added by the GAOBOT.PQA WORM!
X	Aceu	[random filename]	PurityScan/Clickspring adware
Y	acEventServ	acevtsrv.exe	ActivCard Gold from ActivIdentity, Inc. Smart card-based strong authentication software - for photo IDs, proximity badges for facility access and as digital identification and authentication
U	AClntUsr	AClntUsr.exe	Altiris AClient Service Windows Tray Icon
N	Acme.PCHButton	pchbutton.exe	Used by HP Instant Support
U	ACMonitor_X63	ACMonitor_X63.exe	Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
U	ACMonitor_X73	ACMonitor_X73.exe	Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
U	ACMonitor_X83	ACMonitor_X83.exe	Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
U	ACMonitor_X84-X85	ACMonitor_X84-X85.exe	Button monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe"
X	acocash	fastdown.exe	Adult content dialler
X	acocash	fastdown.exe	Adult content dialler
U	Acombo3dmouse	Acombo3d.exe	Mouse driver - required if you use non-standard Windows driver features
X	Aconti	aconti.exe	Adult content dialler
U	acoustic	acoustic.exe	Control panel program for Philips Acoustic Edge soundcard. Not required unless changed settings aren't retained
N	acpart	agpart11.exe	Program for finding trucks on-line
X	Acrobat	acrmon32.exe	Added by the SMALL-ECT TROJAN!
U	Acrobat Assistant .	ACROTRAY.EXE	Essential for creating PDF files with Adobe Acrobat and Acrobat Distiller. For Win9x/Me systems you can run this file manually beforehand. For WinXP systems this file must run at startup. Hence the "U" recommendation. . represents the version
X	Acrobat Read	acroup32.exe	Added by the VANBOT-BQ TROJAN!
N	Acrobat Speed Launch	acrobat_sl.exe	Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
U	ACROMOUSE	ACROMAPP.exe	Related to ACROMOUSE Laser mouse control
U	Acronis Popup Blocker	RunDll32.exe [path] Blocker.dll, Run	Part of Acronis Privacy Expert - anti-spyware and security suite
U	Acronis Scheduler Helper	schedhlp.exe	Part of Acronis True Image backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
U	Acronis Scheduler2 Service	schedhlp.exe	Part of Acronis True Image - backup software. Co-operates with the "schedul2.exe" service to perform backup/restore tasks correctly. Required if you want to use True Image to do some real backup/restore tasks - not if you only want to explore/mount images
U	Acronis True Image	TimounterMonitor.exe	Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
N	Acronis True Image Monitor	TrueImageMonitor.exe	Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage
N	Acronis TrueImage Monitor	TrueImageMonitor.exe	Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage
U	AcronisTimounterMonitor	TimounterMonitor.exe	Part of Acronis True Image backup software. Monitor for the backup archive explorer for moving and viewing files within an archive
N	AcronisTrueImage Monitor	TrueImageMonitor.exe	Part of Acronis True Image - backup software. Can be disabled without affecting TrueImage
U	Act! Preloader	Act8.exe	Sage Software's ACT! "enables individuals and small business customers to instantly access key contact and customer information, manage and prioritize activities, and track all contact-related communications so you can grow productive business relationships"
N	Action Manager 32	am32.exe	Associated with a Plustech scanner. Small utility that runs in the background for doing fax/copy/etc. Available via Start -> Programs
?	ActionAgent	actionagent.exe	"A COM server that runs on the client as part of the Dell OpenManage Client Instrumentation 6.x package; provides a simple method for a remote administrator to perform actions on the instrumented client". Is it required?
N	Activation	Activation.exe	Part of Microsoft Money
U	Activboard	MMKeybd.exe	Packard Bell ActiveBoard keyboard - multimedia keyboard manager. Required if you use the additional keys and want to see the status of the Num Lock, Caps Lock, Scroll Lock keys
X	Active Bit Station	abs.exe	Added by the MYTOB.BZ WORM!
N	Active CPU	acpu.exe	Active CPU - "easy to use tool for Windows 95/98/ME/NT/2000 that enables you to watch a graphical representation of your CPU's activity"
U	Active Desktop Calendar	ADC.EXE	XemiComputers Active Desktop Calendar
U	Active Email Monitor	aem25.exe	Active Email Monitor checks multiple accounts for email, serves as a SPAM filter and can also protect you from harmful items that can be sent via email
U	Active shield	Activeshield.exe	Active Shield is "an heuristic screen that actively protects your computer from trojans, spyware, adware, trackware, dialers, keyloggers, and even some special kinds of viruses"
X	ActiveDesktop	systray32.exe	Added by the DABOOM WORM!
X	ACTIVEDS	ACTIVEDS.EXE	Added by the OPASERV.T WORM!
N	ActiveEyes	ActiveEyes.exe	ActiveEyes from TFI Technology is a small utility that you can use to liven up your desktop. It follows your mouse around and can tell you how far your cursor has travelled or point out where the cursor is. It's small, it's free and comes with a range of options and animations. Not needed - if unavailable via Start -> Programs, create your own shortcut
U	ActiveKeys.AAB635BD7D054a37A576	akeys.exe	"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
U	ActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
U	ActivePlus	activeplus.exe	Interactive Agents Plugin for Messenger Plus! (MSN Messenger add-on)
X	ActiveScan Antivirus	ActiveScan.exe	Added by the RBOT-FKQ WORM!
X	ActiveScript32	nod.exe	Added by the SOHANA-AJ WORM!
Y	ActiveShield	MCVSSHLD.EXE	McAfee VirusScan On-line. See also the McAgentExe entry
U	ActiveSpeed	AS.exe	Ascentive ActiveSpeed Internet Optimizer
X	ActiveSync	wcescom32.exe	Added by the MANCSYN-E TROJAN!
N	ActiveWords	AWMonitor.exe	ActiveWords from ActiveWord Systems, Inc. Like macro programs, ActiveWords sits in the background and watches as you type. When it recognizes that you?ve typed an ActiveWord, it takes the associated action, such as replacing your keystrokes with the text you?ve defined
X	ActiveX File Registration Service	filereg.exe	Added by the RBOT-DVD WORM!
X	ActiveX Streamer	msgfix.exe	Added by the SDBOT.NQ WORM!
X	ActiveXUpdate	svcss.exe	Added by a variant of the DEDLER.C TROJAN!
U	Activity	actik.exe	ActivityKey Keystroke logger/monitoring program - remove unless you installed it yourself!
N	ActivSurf	backweb*****.exe	Packard Bell ActivSurf - automatically detects an internet connection and downloads any available updates
U	ActMaker	ActMak25.exe	"ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload. You don't need to do any coding, nor are you required to know a lot about the computer"
U	ActMaker	ActMaker25.exe	ActMaker mouse and keyboard toolkit can record the daily operation of your computer and reduce your workload
U	ACTray	ACTray.exe	System Tray icon for ThinkVantage Access Connections - "allowing users to seamlessly switch between wired and wireless environments, managing security settings, printers, home page and other location-specific settings automatically"
U	Actual Window Minimizer	ActualWindowMinimizerCenter.exe	Actual Window Minimizer - "allows minimizing any window to task tray notification area or to the edge of the screen"
X	ACTX1	v1201.exe	Added by the VB.IS TROJAN!
U	ACU	ACU.exe	Atheros wireless Client Utility
U	ACU_QSB	ACU.exe	Atheros wireless Client Utility
U	ACWLIcon	ACWLIcon.exe	Related to IBM ThinkVantage Connectivity Solution
U	Ad Blocker	blocker.exe	Ad Blocker - blocks popups, and also removes banners, image ads and flash ads
U	Ad Blocker Pro	Ad Blocker Pro.exe	Ad Away popup and banner remover
U	Ad Muncher	AdMunch.exe	Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
?	Ad Online Guide	adonlineguide.exe	??
U	Ad-aware	Ad-aware.exe	Ad-aware from Lavasoft - popular spyware/adware removal tool
X	Ad-Aware	Ad-Aware.exe	Added by the RBOT-ADJ WORM! Note - this is not the popular Ad-aware spware/adware removal tool and is located in the WinntSystem32 or WindowsSystem32 directory
X	Ad-Eliminator	ad-eliminator.exe	Ad-Eliminator spyware remover - not recommended, see here
U	Ad-Muncher	ADMUNCH.EXE	Ad Muncher removes adverts, pop-ups and general annoyances in your browser, file-sharing and messenger programs. Causes conflicts with Outlook, game sites and web-building applications
U	Ad-Protect	ad-protect.exe	Ad-Protect spyware and spam monitoring tool
U	Ad-watch	Ad-watch.exe	Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
U	AD2KClient	AD2KClient.exe	Executable for Active Disk from Iomega disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
N	Adaptec DirectCD	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
N	AdaptecDirectCD	Directcd.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
X	AdAware	wini.exe	Added by the RBOT-XN WORM!
U	Adaware Bootup	ad-aware.exe	Ad-aware from Lavasoft - popular spyware/adware removal tool
X	Adaware lptt01	adaware.exe	RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
X	Adaware ml097e	adaware.exe	RapidBlaster variant (in a "Adaware" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Lavasoft Adaware
U	AdBin	AdBin.exe	AdBin - "Free and easy solution to managing your Window's hosts file. A fun way to block ads"
X	Add*.exe [ = random char]	Add*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Add*32.exe [ = random char]	Add*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	AddClass	AddClass.exe	CoolWebSearch Addclass parasite variant
X	AddClass	[Installation_Path]	Added by the STARTPAGE.F hijacker
X	AddClass	[path to trojan]	Added by the SECDL-A TROJAN!
U	AdDelete	AdDelete.exe	Banner advertisment blocker
X	AdDestroyer	AdDestroyer.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
X	ADDITIONAL Services	pkgadd.exe	Added by a variant of the IRCBOT TROJAN!
?	addproxy	addproxy.exe	Related to Adobe Photoshop
?	ADG	ADG.exe	SoundBlaster Audigy related?
N	ADGJdet	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
X	aDir	adirss.exe	Added by the SPAMSRV-E TROJAN!
Y	Adiras	Adiras.exe	ADSL USB modem related
X	adirka	adirka.exe	Added by the TIBS-QT TROJAN!
U	AdKiller	AD Defender.exe	Part of Advanced Spyware Remover anti-spyware tool
X	adlhidp	psncc32.exe	Detected by Kaspersky as the SLAPER.AI TROJAN! See here
X	ADM Library Loader	admlib32.exe	Added by a variant of the SDBOT TROJAN!
X	Admanager Controller	AdManCtl.exe	Adware, probably a Windupdates variant
X	Admilli Service	AdmilliServ.exe	Windupdates adware variant
X	Administrator	svchost.scr	Added by the NOVACAL TROJAN!
X	Administrator	winlogon.exe	Added by the RUBBLE-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	Administrator di Dago	Dago.exe	Added by the PUNYA-B WORM!
X	AdminSoft	sysfile.vbs	Added by the STARGRUB-A WORM!
U	admtray.exe	admtray.exe	Related to Acer Inc. destop tray
X	Adobe	Adobe.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Adobe	sysconfig.exe	Added by an unidentified WORM or TROJAN!
X	adobe	gam.exe	Added by an unidentified WORM or TROJAN!
X	Adobe	sysbat32.exe	Added by the LOWZONES.T TROJAN!
X	Adobe	zteam.exe	Added by an unidentified TROJAN!
N	Adobe Acrobat	READER~1.EXE	Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
X	Adobe Acrobat Distiller Application	acrotray.exe	Added by the RANDEX.DFJ WORM!
X	Adobe Acrobat Reader CFG	[random filename]	Added by a variant of the RBOT WORM!
N	Adobe Acrobat Speed Launcher	acrobat_sl.exe	Speeds up the time it takes to load Adobe's Acrobat PDF creation and management tool. From version 7.0 onwards
X	Adobe Filter Platform	afilterplatform.exe	Added by the RBOT-OP WORM!
U	Adobe Gamma Loader	Adobe Gamma Loader.exe	Adjusts monitor colours across all programs, including Photoshop. It is needed by some graphics professionals who want their monitor calibrated. Most home users will not need it. In my case I can verify this as Photoshop loads fine
N	Adobe Photo Downloader	apdproxy.exe	Part of Adobe's Photoshop Album or Photoshop Elements packages - starts each time you connect an external image device to your PC (see here)
N	Adobe Reader Speed Launch	Reader_sl.exe	Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
N	Adobe Reader Speed Launch	READER~1.EXE	Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
N	Adobe Reader Speed Launcher	Reader_sl.exe	Speeds up the time it takes to load the Adobe Reader application. Your choice, but not required for Adobe Reader to function properly
U	Adobe Reader Synchronizer	AdobeCollabSync.exe	Adobe Synchronizer - installed along with Adobe Reader 8.x. "Synchronizer is a small application that runs in the background, providing synchronization of document reviews and Tracker subscriptions so that your data is available when you need it." See the link for more information
U	Adobe Version Cue CS2	VersionCueCS2Tray.exe	File manager that's part of Adobe Creative Suite 2 - "find files fast, track versions across applications, link files together, and share them in creative collaboration without fear of overwriting someone else's work"
X	AdobeA	adobes.exe	Added by the FLOOD.BA TROJAN!
X	AdobeFonts	fonts.hta	Browser hijacker - redirecting to Hugesearch.net
X	adobemgr	adobemgr.exe	Added by the ADCLICKER TROJAN!
X	AdobeReader	msni.exe	Added by the RBOT.DAO TROJAN!
X	AdobeReaderPro	msnxpsp.exe	Added by the RBOT-ASK or RBOT-AUS WORMS!
X	AdobeReaderPro	ntkernell32.exe	Added by the RBOT-ATY WORM!
X	AdobeReaderPro	msnserve.exe	Added by the SDBOT-AKH WORM!
X	AdobeReaderPro	updt.exe	Added by the IRCBOT-VQ WORM!
X	AdobeReaderProfessional	msx64.exe	Added by the RBOT-GAT WORM!
X	AdobeReaderPros	sysmsn.exe	Added by the RBOT-BGH WORM!
N	AdobeUpdater	AdobeUpdater.exe	Automatic updater for Adobe software - run manually
N	AdobeVersionCue	VersionCueTray.exe	"An exclusive feature of the Adobe? Creative Suite, Version Cue? helps you find files fast, track multiple versions of your files, and share your files for creative collaboration"
X	adodemaster	adodemaster.exe	Downloader of Korean origin, detected as ADOD.28672
X	Adope File Manager	lsasv.exe	Added by an unidentified WORM or TROJAN!
X	adp	adp.exe	Spyware installed by Net2Phone, Limewire, Cydoor, Grokster, KaZaa, etc
X	AdPopup	dcf5678.exe	Added by the AGENT-FZ TROJAN!
X	adprot	adprot.exe	AdBlaster adware
N	ADQuickAccess	Adtray.exe	After Dark for Windows. Screen saver creation program produced before screen savers became integrated into Win95
X	ADriver	windrv.exe	Added by the DELF.WG TROJAN!
X	AdRoarUpdate	ARUpdate.exe	AdRoar adware updater
X	AdRotator.Application	[path to csrss.exe]	Added by the SMALL-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	AdRotator.Application	services.exe	FakeMessage/AdRotator adware. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in an "Inetsrv" subfolder
X	ADS Adware Remover	ADS Adware Remover.exe	ADS Adware Remover - not recommended, see here
X	AdsBlocker	stopAds.exe	Reported as DILAER.DW by NOD32
U	AdsCleaner	AdsCleaner.exe	"AdsCleaner is a powerful ad blocking software designed to stop ads (block banners ad, kill popup), guard your online privacy"
U	ADService	ADService.exe	Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
U	AdsGone	Adsgone.exe	AdsGone - pop-up stopper
N	ADSL Diagnostic Tools	mapiicon.exe	System tray access to ADSL modem diagnostic tools. Available via Start -> Programs
?	ADSLSYSTEMTRAY	SystemtrayV100B.exe	Apparently Annex A ADSL modem related. What does it do and is it required?
Y	AdslTaskBar	rundll32.exe stmctrl.dll, TaskBar	ISP software, initializes DSL modem
X	AdslTaskBars	taskmng.exe	Added by the RBOT-AXZ WORM!
?	ADSL_A2	A2Installed	Associated with an Integrated Telecom Express (ITeX) ADSL driver installation. What does it do and is it required?
Y	ADSS	ADSS.exe	ADSS is part of Access Denied security and privacy software (Access Denied Security Server) that monitors power status and provides some other services for Screen Guard. Important to keep its running while using Access Denied
X	adstartup	automove.exe	Adlogix adware variant
X	adstartup	Adstartup.exe	Adlogix adware variant
X	AdStatus Service	AdStatServ.exe	WindUpdates AdStatus Service adware
U	AdSubtract	adsub.exe	AdSubtract blocks ads, cookies, pop-up windows, animations, music, and more. Can be disabled from within AdSubtract. Available via Start -> Programs. Now superseeded by Trend Micro AntiSpyware
X	adtech2005	adtech2005.exe	Detected by Kaspersky as the STARTPAGE.AW TROJAN!
X	adtech2006	adtech2006.exe	Detected by Kaspersky as the VB.KC WORM!
X	Adtools Service	AdTools.exe	Windupdates Adware
?	ADU	adu.exe	Related to Cisco Aironet wireless products. What does it do and is it required?
X	AdultX	AdultX.exe	Adult content dialler and hijacker
X	Adult_Chat	Adult_Chat.exe	Adult content dialler
X	Adult_Chat1	Adult_Chat1.exe	Adult content dialler
X	AdUpdater	sysupudt.exe	Unidentified adware downloader/updater
U	ADUserMon	ADUserMon.exe	Part of Iomega's Active Disk - allows software applications to be run directly from an Iomega Zip? disk. Required if you wish the applications to launch on insertion of a disk
X	Advanced DHTML Enable	exo32.exe	Added by the RANCK-FI TROJAN!
X	Advanced DHTML Enable	[path to trojan]	Added by the AGENT.GLQ TROJAN!
X	Advanced Internet Protocol	cerf.exe	Added by a variant of the SPYBOT WORM!
X	Advanced Protection System	advpsys.exe	Added by a variant of the RBOT WORM!
U	Advanced Spyware Remover	Asr.exe	Advanced Spyware Remover anti spyware tool
X	Advanced Tool Checks	advchks.exe	Added by a variant of the RBOT WORM!
N	Advanced Tools Check	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advanced Uninstaller PRO Installation Monitor	monitor.exe	Innovative Solutions Advanced Uninstaller PRO - "easy-to-use suite for uninstalling applications and keeping your computer fast, clean, and in its best shape"
X	AdvancedCleaner Free	UADC.exe	AdvancedCleaner misleading security software - not recommended, see here
X	AdVantage	AdVantage.exe	MediaAdVantage adware
X	advap32	[path to trojan]	Detected by Trend Micro as the MUTANT.AT TROJAN! See here
X	Advapi	Advapi.exe	Added by the NETDEVIL.12 WORM!
N	ADVCHK	ADVCHK.EXE	Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
U	Advertising Killer	Akiller.exe	Advertising Killer - popup stopper
X	advmon32	advmon32.exe	Added by a variant of the CRYPTER.C TROJAN!
U	Adware Agent	adware agent.exe	Adware Agent popup blocker
X	Adware Spy	AdwareSpy.exe	Adware Spy adware remover - not recommended, see here
U	AdwareAlert	AdwareAlert.Exe	Adware program, previously not recommended (see here). It has now been delisted, so make sure you have the latest version
X	AdwareDelete	adwaredelete.exe	AdwareDelete adware remover - not recommended, see here
X	AdwareKiller_schedules	schedules.exe	EAdwareKiller spyware remover - not recommended, see here
X	AdwareKiller_tray	tray.exe	EAdwareKiller spyware remover - not recommended, see here
X	AdwareProMFC	Ad-Ware Pro.exe	Ad-Ware Pro spyware remover - not recommended, see here
X	AdwareRemover2007	AdwareRemover2007.exe	AdwareRemover2007 spyware remover - not recommended, see here
?	Aeiwlsta.exe	Aeiwlsta.exe	IBM High Rate Wireless LAN Adapter driver. Is it required?
N	AELaunch	AELaunch.exe	Audio Applications Launcher for the Philips Acoustic Edge soundcard
X	AERVICESN	AERVICESN.exe	Added by the RANDON-AO WORM!
N	AeXAgentLogon	AeXAgentActivate.exe	Altiris Agent transmits information about your machine for the purpose of asset management and deployment
?	AeXSWDUsr	AeXSWDUsr.exe	Altiris Express NS Client Manager software. Is it required?
U	AEZBProc	aptezbp.exe	IBM Aptiva keyboard customizer - enables certain special buttons on keyboard for CD operation, volume control, and few quickstart buttons. Keyboard will work without it but you lose the special functions
U	AFAFilter	windefault.exe	AFAFilter - internet filter software
X	afskfask8	fsfjasj8.exe	Added by the ONLINEG-L TROJAN!
N	AGEIA PhysX SysTray	TrayIcon.exe	System Tray access to display properties for AGEIA PhysX graphics cards. Unless you change your desktop resolution, etc, regularily use Control Panel -> Display Properties or right-click on the desktop
N	Agent	Agent.exe	Cyberlink's Power VCR II 3.0 is a TV tuner recording utility. If you want to schedule recordings you'll need this, otherwise can be disabled. Available via Start -> Programs
X	Agent	alsys.exe	Added by the DREF-V VIRUS!
X	agent	ppl.exe	Added by the DREF-U VIRUS!
X	Agent Browser	[random filename]	Added by the PPdoor.M-bdr backdoor TROJAN!
X	Agent Explorer	[random filename]	Unidentified adware
?	Agente	Remupd.exe	Part of Panda Antivirus . Is this an update reminder (guess because of the name), virus definition update reminder or something similar?
X	agentsvr	agentsvr.exe	Malware, detected by Kaspersky as AdWare.Monker.a. NOTE: do NOT confuse with the Microsoft Agent Server application of the same name as described here - the legitimate file will always be located in the WindowsMsagent folder
U	AgfaCLnk	AgfaCLnk.exe	For Agfa digital cameras connected via USB. Enables Windows to access the contents of the memory stick (while the stick's still on the camera) via a virtual drive
X	agp	agp32.exe	Added by the GAOBOT.SY WORM!
Y	AGRSMMSG	AGRSMMSG.exe	IBM AMR modem driver
N	AGSatellite	AGSatellite.exe	Program from AudioGalaxy that lets you download some MP3s from their server. Available via Start -> Programs
U	ahfp	ahfp.exe	Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
U	ahfprog	ahfp.exe	Advanced Hide Folders - "is powerful file security program. It allows to hide folders or hide files. Advanced Hide Folders is very useful to keep your personal data away from others. Others will not know where your personal files exist and they will not be able to accidentally view, delete or modify them either"
Y	AHNSD	AhnSD.exe	AhnLab V3 antivirus updater - leave enabled unless you manually update on a regular basis
?	AHNUE	AHNUE.exe	??
X	ahost	ahost.exe	Added by a variant of the SDBOT WORM!
N	AHQInit	ahqinit.exe	Part of AudioHQ for the Soundblaster Live!. Appears as though it makes the AudioHW toolbar drop down from the top of the desktop and isn't required
X	Ahst	iebs.exe	PurityScan/Clickspring adware
X	AHU	[path to worm]	Added by the ANACON-B WORM!
X	AHU	ANACON.EXE	Added by the NACO.A WORM!
X	ahui32.exe	ahui32.exe	Added by the CERTIF-M TROJAN!
U	Ai Nap	AiNap.exe	Part of the "Ai Suite" utility supplied with some Asus motherboards. "With AI Nap, users can instantly snooze your PC without terminating the tasks. System will continue operating at minimum power and noise when user is temporarily away"
N	Ai Quicker Help	AsRc.exe	ASUS DH Remote media portal launcher for their Digital Home range of motherboards that are designed for users to control the computer at a distance away, such as the M2N DH. "ASUS DH Remote is a convenient PC remote controller that gives users unprecedented control over their PCs from the comfort of their couches"
X	Aica	tuaa.exe	PurityScan/Clickspring adware
X	Aida	ttuh.exe	PurityScan/Clickspring adware
X	Aida	eetu.exe	PurityScan/Clickspring adware
?	AidemHotKey	DVMAIN.EXE	Keyboard related
?	AidemHotKey	KEYAPP.EXE	Keyboard related
U	aiepk	aiepk2.exe	Another IE Popup Killer - pop-up stopper
N	AIM	aim.exe	AOL Instant Messenger. If connected to the internet, automatically runs up AIM. Convenience more than anything. Available via Start -> Programs
U	AIM	AIM+.exe	AIM plus - a free add-on to AOL's Instant Messenger for Windows from Big-O Software
X	AIM Instant Message Cookies	[random filename]	Added by the RBOT-AFV WORM!
N	AIM Logger	AIMLogger.exe	AIM Logger - saves AIM (AOL Instant Messenger) conversations to log files. Can be started when you are using AIM
X	Aim Plugin	aimplugin.exe	Added by the GUAP-F WORM!
X	AIM reminder	AIM reminder.exe	Added by the BUDDY TROJAN!
N	Aim6	AOLLaunch.exe	AOL Instant Messenger - start it when you want to use it
N	Aim6	aim6.exe	AOL Instant Messenger - start it when you want to use it
X	AIM95 Startup	aim95.exe	Added by the AGOBOT.AEE WORM!
X	aimaol lptt01	aimaol.exe	RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	aimaol ml097e	aimaol.exe	RapidBlaster variant (in a "Aimaol" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
U	aimb.exe	aimb.exe	IMSufSentinel is a spy program which can record IM conversations, log keystrokes, record URLs visited, and take screenshots. If you didn't install this yourself remove it
N	AimingClick	AimingClick.exe	AimingClick from AimingTech. Web searching tool. Available via Start -> Programs
U	AIMPro	aimpro.exe	AIM Pro - secure instant messaging, video conferencing, on-line meetings and desktop and file sharing
N	AIMster	??	Peer to Peer (P2P) file sharing client that runs over the AOL Instant Messenger network. Available via Start -> Programs
N	AIMWDInstall	AIMWDInstall.exe	Version of the WildTangent on-line games installer that came with versions of AOL Instant Messenger. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Y	Aiptek Graphics Tablet (USB)	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
X	aircity	aircity.exe	Related to "Prutect" malware from e2Give
U	AirPort Base Station Agent	APAgent.exe	Airport Base Station Agent utility for Apple's AirPort wi-fi basestations. "Wireless solution for home, school, and business. As it blankets your space with a blazing-fast, secure wireless network, it opens up a world of possibilities for home entertainment, backups, printing, and more"
X	AKEYNAME	WinServ.exe	Added by the EVILBOT.C TROJAN!
U	akeys	akeys.exe	"Active Keys is a powerful yet easy-to-use tool for creating and managing keyboard shortcuts for any system action"
X	akgkagaksad9	fsakfask9.exe	Added by the ONLINEG-M TROJAN!
U	AKiller	akiller.exe	Advertising Killer - popup stopper
X	ala.exe	ala.exe	Access Lock is a system-tray security utility you can use to secure your desktop when you are away from your computer
U	Alarm Manager	Alarmapp.exe	Palm alarm event reminder that coordinates what is on your Palm with settings on your desktop
?	AlarmWatcher	AlarmWatcher.exe	Associated with SynTPEnh and SynTPLpr which are from Synaptics for touchpads on laptops. What does it do and is it required?
N	Album Fast Start	ABMTSR.EXE	Scanner software, not required for scanner to work
?	AlcFDMonitor	ALCFDRTM.EXE	RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
?	ALCFDRTM16	ALCFDRTM16.com	RealTek related - Real-Time SPDIF-in Monitor for nVidia chipset - is it required in startup?
X	Alchem	Alchem.exe	ClickAlchemy adware
U	Alcmtr	Alcmtr.exe	Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
U	Alcohol	Alcohol.exe	Alcohol 120% - CD/DVD emulation/writing/copying software
U	Alcohol Autorun	Alcohol.exe	Alcohol 120% - CD/DVD emulation/writing/copying software
U	AlcoholAutomount	axcmd.exe	Alcohol 120% is a powerful Windows application that makes it easy to create backups of DVDs* and CDs. In addition, the program lets you store your most used CDs as images on your computer, so you can call them up at the click of a button. This part automounts images disc images
?	Alcom PCL Capture	FMW_PCAP.EXE	??
N	AlcWzrd	ALCWZRD.EXE	RealTek High Definition audio driver related - detects new devices when plugged in, then pops up a dialog box. If everything works as expected you should be able to disable this one
U	AlcxMonitor	Alcxmntr.exe	Installed with hardware drivers for a Realtek AC97 audio device. It's believed that Realtek uses this file in order to gather data about the customer. Some users report problems with their on-board sound if this is disabled - hence the "U" recommendation
X	aldefr ere service	tay0x.exe	Added by the RBOT-XS WORM!
X	alerter	alerter.exe	Added by the MAHA.F TROJAN!
X	Alevir	Alevir.exe	Added by the OPASERV-A WORM!
X	AlevirOld	[worm filename]	Added by the OPASERV WORM!
N	Alexa	alexa.exe	Related to Alexa. Note - collects and stores information about the web pages you view, the data you enter in online forms and search programs and, with versions 5.0 and higher, the products you purchase online whilst using the toolbar. Although Alexa state's they do not attempt to analyze the data it may collect about you to determine who you are, some of your information collected by the software is personally identifiable. Please read the Privacy Policy. Not Recommended
X	AlexaToolbar	alt.exe	Reported as the DELF.EB hijacker by Ewido Security Suite
X	AlfaCleaner	AlfaCleaner.exe	AlphaCleaner is now a stealth install using exploits on unpatched systems. Seen alongside RazeSpyware
U	AlfaClock Classic	AlfaClock.exe	AlfaClock from AlfaSoft Research Labs - "enhances your taskbar clock (tray clock) with fully customizable clock display, alarms, time synchronization and more"
U	AlfaClock2	AlfaClock2.exe	AlfaClock2 - tray/desktop clock and time synchronization software
?	ALFY Accellerator	AlfyAC~1.exe	??
X	ALG.EXE	iexplorer .exe	Added by the DEMOTRY-B WORM!
X	ALG32	ALG32.EXE	Added by the STARTPAGE.K hijacker
X	algchk.exe	algchk.exe	Detected by Kaspersky as the VB.ATE TROJAN!
X	ALGU	ALGU.EXE	Added by the CWS-I TROJAN!
U	ALi5289	ALi5289.exe	Related to Uli Integrated Drivers from Uli Electronics Inc
N	Alias SketchBook Snapshot	ALIASS~2.EXE	Screen-capture utility for Alias Sketchbook
N	AlienAutopsy	Test_BS.exe	Alienware computer technical support software
Y	ALiSndMgr	ALiSndMg.exe	ALi AC97 Sound driver
?	AliUSBfix	GREENMK.exe	May be realted to a USB 2.0 PCI card - the IOgear GIC220OU?
X	Alive SYstem	scchost.exe	Added by the TOFDROP-B TROJAN!
X	Alive SYstem	scchostc.exe	Added by the TOFDROP-B TROJAN!
X	alkasr	?????.exe	Added by the BALKART TROJAN!
U	All Aboard Status	stswin.exe	All Aboard! Internet Connection Sharing status icon
X	All Sea screen saver	TaskTray.exe	"Free screensaver", installs lots of foistware. See here. Get rid of it
X	All Sea web link	FWLink.exe	"Free screensaver", installs lots of foistware. See here. Get rid of it
N	AllerCalc	AllerCalc.exe	AllerCalc is an expression calculator which allows you to directly enter an expression to be evaluated. Can be started manually
X	Allopassw	[path to trojan]	Added by the RANKY.CU TROJAN!
U	AllSeeingEye	ase.exe	All-Seeing_Eye security software - "monitors everything that takes place on your computer, and alerts the user as soon as anything suspicious or out-of-the-ordinary is happening, providing the user with alternatives for possible actions"
U	allSnap	allSnap.exe	"allSnap is a small system tray app that makes all top level windows automatically align like they do in programs such as Winamp or Photoshop"
U	AllToTray	ALLTOTRAY.EXE	AlltoTray from DNTSoft - minimize any program to your System Tray
X	Alogrithm Link Queue	alq.exe	Added by a variant of the SDBOT WORM!
U	Alogserv	Alogserv.exe	From McAfee VirusScan for logging scanning activities. In some cases, if left running it can cause CPU % usage to go between 5-95% or go to and stay at 100%. Disabling it impacts on the reported last scan date. It is reported to cause jerky graphics response in many games. As of version 6, this is a critical component of McAfee and disabling it can cause a PC to lock up
U	ALPass	ALPass.exe	ALPass password manager
X	alpha	svchost.exe	Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Y	Alps Electric USB Server	Monserv.exe	Alps Electric USB Server - required according to this article
U	AlpsPoint	Apoint.exe	Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
?	ALServ	ALServ.exe	Altec Lansing AMS speaker related. What does it do and is it required?
X	Altnet	points manager.exe	Altnet TopSearch adware
X	AltnetPointsManager	points manager.exe	Altnet TopSearch adware
U	AltoMB_service	AltoMBsrv.exe	Alto Memory Booster from Alto Software - boost the computers performance via more intelligent and efficient memory management. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	ALTOOLS	AccessL.exe	ALTools family of PC utilities
X	AltPayments	AltPayments.exe	WeirdOnTheWeb adware
N	ALU Scheduler Service	ALUSchedulerSvc.exe	Symantec LiveUpdate scheduler for programs such as Norton AV or Internet Security
U	ALUAlert	ALUNotify.exe	Notification reminder for Symantec's LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
N	Aluria Security Center	SecurityCenter.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
U	Aluria's Pop-Up Stopper	eps.exe	Aluria Pop-Stopper
N	Aluria's Spyware Eliminator	ASE.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here
U	AlwaysOnTopMaker	AlwaysOnTopMaker.exe	Always On Top Maker - utilty to enable an application to always be displayed "on top" of others on the desktop
N	AlwaysReady Power Message APP	ARPWRMSG.EXE	Related to HP and Compaq Desktop PCs. Read this article
X	AmazingTens	AmazingTens.exe	Premium rate adult content dialler
U	AMD PowerNow!	GemBack.exe	AMD PowerNow! - "an innovative solution available on all AMD mobile processor-based notebooks that can effectively increase notebook battery life, while delivering performance on demand"
Y	amd_dc_opt	amd_dc_opt.exe	AMD Dual-Core Optimizer - "can help improve some PC gaming video performance by compensating for those applications that bypass the Windows API for timing by directly using the RDTSC (Read Time Stamp Counter) instruction"
N	America Online . Tray Icon	aoltray.exe	Puts AOL icon in System Tray (. denotes version if present). Connect to AOL via the desktop shortcut or Start -> Programs
N	AME_CSA	rundll32 amecsa.cpl, RUN_DLL	Loads ADSL modem Control Panel applet
U	AModemLockDown	ModemLockDown.exe	ModemLockDown - allows you to supervise internet access by disabling the modem, protects againt dialers accessing dial-up connections, etc
Y	Amon	AMON.EXE	Monitoring part of Eset's NOD32 virus-scanner
Y	Amonitor	amon.exe	Tiny Personal Firewall
U	AMP WinOFF	winoff.exe	WinOFF is " a utility designed to shut down Windows computers automatically, in a fully configurable way"
U	AMSG	Amsg.exe	Part of the IBM ThinkVantage Productivity Center. "The Message Center sends automatic notification on ThinkVantage Technologies integrated with your system. Once you're online"
X	amsgupdate	ams.exe	Added by a variant of the MAILBOT TROJAN!
N	AMSN	amsn.exe	aMSN Messenger is a multiplatform MSN messenger clone
X	amsn	amsn.exe	Added by the BANKER-BNZ TROJAN!
X	amva	amvo.exe	Added by the SILLYFDC-BR WORM!
N	Anapod Manager	anamgr.exe	Anapod Explorer "is the most advanced Windows iPod software available, offering iPod management through full Windows Explorer integration under My Computer"
X	anbv32	nabv32.exe	Added by the TITOG.C WORM!
X	angeleyes	msdll.exe	Detected by Kaspersky as the VB.PI TROJAN! See here
Y	ANIWZCS2Service	WZCSLDR2.exe	ALPHA Networks wireless driver
?	ANIWZCSService	WZCSLDR.exe	D-Link wireless PCI adapter related. In some cases reported to cause excessive CPU activity
?	AnnotateCheck	AnnCheck.exe	Genius Wizard Pen Tablet driver related. Is it required?
N	Announcements	Annclist.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
N	Anntext	Anntext.exe	Caere Pagekeeper text annotation server
U	AnonymityGateway	Anonymity Gateway.exe	Anonymity Gateway - privacy protection tool that conceals IP address preventing your surfing habits and your internet activity form being tracked by websites or Internet Service Providers
U	Anonymizer Total Net Shield	AnonTns.exe	Anonymizer Total Net Shield - ID protection and privacy software
U	ANONYMIZER_SPYWAREKILLER	SpyWareKiller.exe	Anonymizer Spyware Killer - now Anti-Spyware
U	ANONYMIZER_SPYWAREKILLER	AnonAntiSpyware.exe	Anonymizer Spyware Killer - now Anti-Spyware
U	Another Internet Explorer Popup Killer	aiepk2.exe	Another IE Popup Killer - pop-up stopper
X	ansjava	[path to worm]	Added by the RANDON-AN WORM!
X	Anskya	PYSKY.NET.exe	Added by the DLOADER-MW TROJAN!
X	Answer Problem	dSAFsqs.exe	Added by the SDBOT-SC WORM!
U	AnswerTool	AnswerTool.exe	AnswerTool - save your E-mail replies in AnswerTool, then reuse them again and again
X	Anti	Isass.exe	Added by the BROPIA.K WORM!
X	Anti Spam Service	spamsvc.exe	Added by the MYTOB-BK WORM!
N	Anti-Blaxx Manager	Anti-Blaxx.exe	Anti-Blaxx - bypass blacklistings from different copy protections bypassing methods like virtual CD or DVD drives
U	Anti-keylogger check	antikey.exe	Anti-keylogger - protects against keylogger programs monitoring your keystrokes
U	Anti-Trojan-Watch	ATWatch.exe	Anti-Trojan Watch - trojan detector
X	Anti-Virus	vpms.exe	Added by a variant of the SLAPER TROJAN!
X	Anti-Virus	[random filename].exe	Added by the CAPROBAD-A TROJAN!
X	Anti-Virus Product Sync	[unprintable character][3 characters]log.exe	Added by the KEDEBE.D WORM!
X	Anti-Virus Update Scheduler	[path to trojan]	Added by the SPAMMIT-A TROJAN!
X	Anti-Virus Update Scheduler	winsp3.exe	Malware - detected by Kaspersky as the AGENT.FP TROJAN!
X	Anti-Virus Update Scheduler V1.39.12R	[path to trojan]	Added by the HEPLANE or STAPREW.B TROJANS! - different filenames have been spotted; examples: msvc.exe, kaspersky.exe, nrton.exe, wins.exe, gah32.exe, 1.tmp, syste.exe, alg.exe, socks.exe, winxpsp2.exe, tek9.exe, sks.exe, hihi.exe, s.exe, xps2.exe, dns2.exe, ikav32.exe and more...
X	AntiClicker	SVCHST32.EXE	Added by the CBH TROJAN!
U	antidialer.co.uk	Dialer_Watcher.exe	Dialer_Watcher is an application that allows you to detect dialers on your computer
X	antihost	ahr.exe	Added by the BANCBAN-QJ TROJAN!
U	AntiPopUp	AntiPopUp.exe	AntiPopUp for IE - pop-up stopper
X	AntiSpyKit .	AntiSpyKit ..exe	EAdwareKiller spyware remover, where . represents the version number - not recommended, see here
X	AntispyStorm	AntispyStorm.exe	AntiSpyStorm misleading security software - not recommended, see here
X	AntiSpyware	Antispyware.exe	AntiSpywareApp spyware remover - not recommended, see here
X	AntiSpywareBot	AntiSpywareBot.exe	AntiSpywareBot spyware remover - not recommended, see here
X	AntiSpywareMaster	asm.exe	AntiSpywareMaster spyware remover - not recommended, see here
X	AntiSpywareShield	AntiSpywareShield.exe	AntiSpywareShield spyware remover - not recommended, see here
X	AntiVerminser	AntiVerminser.exe	AntiVerminser spyware remover - not recommended, see here
X	antiviirus	antiviirus.exe	Added by a variant of the AGENT.KEU TROJAN!
X	Antivir	svchst.exe	Added by the RAGRUK-A TROJAN!
X	AntiVir	scvhost.exe	Added by the AGENT-DSF TROJAN!
X	AntiVir	winlog.exe	Added by the IRCBOT-TJ TROJAN!
Y	AntiVir XP	AVwin.exe	AntiVir? PersonalEdition Classic - antivirus
X	AntiVirGear .	AntiVirGear ..exe	AntiVirGear misleading security software, where . represents the version number - not recommended, see here
X	Antivirus	av.exe	Added by the SINKIN TROJAN! Resets IE start page to realphx.com
X	Antivirus	maja.exe	Added by the NETSKY.H WORM!
X	Antivirus	iexpl0res.exe	Added by an unidentified WORM or TROJAN!
X	AntiVirus	kaspery.exe	Added by a variant of the RBOT WORM!
X	AntiVirus	AntiVirus.exe	Added by the BANKER-EHB TROJAN!
X	Antivirus Installer	[path to trojan]	Added by the BADGENT-A TROJAN!
X	AntiVirus Process	virprot.exe	Added by a variant of the SDBOT WORM!
X	Antivirus Protection Services	ccapp2.exe	Added by the RBOT.EXI WORM!
X	AntiVirus Update	updates.exe	Added by the RBOT-JF WORM!
X	AntiVirus Update	antivirus.exe	Added by the RBOT-IF WORM!
X	Antivirus-Golden	Antivirus-Golden.exe	Antivirus-Golden misleading security software - not recommended, see here
X	antivirus32	antivirus.exe	Added by the SPYBOT.KAI WORM!
X	AntivirusGold	AntivirusGold.exe	AntivirusGold malware
X	AntiVirusPro	AntiVirusPro.exe	AntiVirusPro misleading security software - not recommended, see here
X	AntiVirusProMFC	Antivirus Pro.exe	AntiVirusPro misleading security software - not recommended, see here
?	AntiVirusProtection	qumk.exe	??
X	AntiVituS	Base.exe	Added by the BAS.A WORM!
X	antiware	elite*32.exe [* = random char]	Added by the DLOADER-HW TROJAN!
U	AntiWindowsMessenger	AntiMsMsg.exe	Anti-Windows_Messenger is a small application that prevents Windows Messenger from remaining resident in memory
X	anti_troj	anti_troj.exe	Added by the LODEAR.D TROJAN!
Y	AnVir	AnVir.exe	AnVir Task Manager - protects computer against viruses and manages running processes and startup files
Y	AnVir Task Manager	AnVir.exe	AnVir Task Manager - protects computer against viruses and manages running processes and startup files
U	anvshell	anvshell.exe	System Tray tool for ASUS video cards. If disabled you lose all the ASUS specific video card options in Control Panel -> Display Properties -> Advanced as well as the System Tray shortcuts toolbar
U	Any To-Do List	anytodo.exe	Any To-Do List "the ultimate software solution to keep yourself organized and reminded"
?	anycom bluetooth	ftflauncher.exe	Associated with an Anycom bluetooth wireless card. What does it do and is it required?
U	AnyDVD	AnyDVD.exe	AnyDVD - descrambles DVD-Movies automatically in the background and the DVD appears unprotected and region code free. Also removes prohibited operations from the DVD such as skipping adverts - hence the "U" recommendation
N	AO Tray	AOTray.Exe	System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
Y	aol	avp.exe	AOL's Active Virus Shield (by Kaspersky) - found in an AOLActive Virus Shield sub-directory
X	AOL 9.0 Optimized	AOLClient.exe	Added by the SPYBOTER.A TROJAN!
U	AOL Broadband Check-Up	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". The AOL Self Support Tool is required to run with the Help and Support program. If you uncheck AOL and and then run Help and Support it will add another AOL entry in the startup menu. If you remove this software in "add/remove programs" some help menus in help and support will not be available. You decide
N	AOL Companion	companion.exe	Part of the AOL Connection Suite and installs an icon on the system tray offering easy access to AOL's additional utilities and functions. This program is a non-essential process, and is installed for ease of use
X	Aol Configuration Loader	aimsng.exe	Added by the SDBOT-XE WORM!
?	AOL Fast Start	AOL.exe	AOL ISP software related. What does it do and is it required?
X	AOL Instant Messanger	aim.exe	Added by the SDBOT-YT WORM! Note - this is not the popular AOL Instant Messenger utility
X	AOL Instant Messengar	aol.exe	Added by the AGOBOT-FN WORM!
?	AOL Instant Messenger	AlM.EXE	That is an L between the A and M, the start up location is wrong for AIM. What does this relate to?
X	Aol Instant Messenger	aolmsg.exe	Added by the KELVIR.AL WORM!
X	AOL Instant Messenger	aimsgr.exe	Added by the IRCBOT.N TROJAN!
X	AOL Instant Messenger 7.213	aim9283.exe	Added by the SDBOT-ZF WORM!
X	Aol Instant Messenger Fix	aolfix.exe	Added by the SDBOT-ABJ WORM!
X	AOL Messenger	[random filename]	Added by an unidentified VIRUS, WORM or TROJAN!
X	AOL Messenger	aolmsngr.exe	Added by the SDBOT-JF WORM!
X	AOL Messenger Optimized	AOLOpt.exe	Added by the AOLOPT TROJAN!
X	AOL Services Hosts	aolserviceshosts.exe	Added by an unidentified WORM or TROJAN!
U	AOL Spyware Protection	AOLSP Scheduler.exe	AOL's spyware protection program
U	AOL TopSpeedMonitor	aoltsmon.exe	AOL's TopSpeed web acceleration technology supposedly helps to make web browsing faster. Most important for those users who still access AOL via dial-up
Y	AolAcsDaemon1	Acsd.exe	AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
Y	AolAcsDaemon1	AOLACSD.EXE	AOL Connectivity Service - starts an automatic function that restores the connection should you lose it while online. Negates having to go through the procedure of signing back on manually
?	AOLCC	ACCAgnt.exe	AOL ISP software related, file located in a "AOL Computer Check-Up" folder. What does it do and is it required?
X	AolCon	config.com	Added by the TAPLAK WORM!
N	AOLDialer	AOLDial.exe	AOL ISP software dialer - can be activated through a desktop shortcut
N	AolFix	AolFix.exe	Run on Gateway Astra computers, and maybe a few others. Designed to repair a bad registry key in Gateway computers that would not allow AOL to run correctly. Not seen much any more and should only run once
X	AOLRegKey32	AOREGSVR512.EXE	Unidentified malware - see here
?	AOLSAV	AOLAgent.exe	AOL ISP related. What does it do and is it required?
X	AOLStart	AOLStart.exe	Added by the KRAIMER.12 TROJAN!
X	aolupdater.exe	aolupdater.exe	Added by a variant of the IRCBOT TROJAN!
X	Aornum	aornum.exe	Installed along with iWon Prize Machine. Based upon their privacy statement this can be regarded as spyware
N	AOTray	AOTray.Exe	System Tray application for AOpen soundcards. Can be run manually via Start -> Settings -> Control Panel
X	aouei	sysrtmvs.exe	Chivio dialer
Y	APC UPS Status	Display.exe	APC PowerChute Personal Edition status icon
U	APC_SERVICE	mainserv.exe	PowerChute? Personal Edition - "safe system shutdown software with sophisticated power management functions"
Y	apc_tray	apc_tray.exe	Part of the APC UPS software loaded with the BACK-UPS CS 350 unit. Required to monitor the APC unit in case of power failure
X	APD123	APD123.exe	PacerD Media/Pacimedia.com adware
X	Api*.exe [ = random char]	Api*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Api*32.exe [ = random char]	Api*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	API32	api32.exe	Added by the IRCBOT-B TROJAN!
X	APIClass	lexplore_.exe	Added by the MSNOPT-A TROJAN!
X	APIMon	apimonx.exe	Added by the TIBSER.A downloader TROJAN!
X	APIMon	winapix.exe	Added by a variant of the TIBSER.A downloader TROJAN!
X	APIMon	msreg.exe	Added by the DROPPER.Z TROJAN!
X	apisvc.exe	apisvc.exe	Added by a variant of the LAMEBOT TROJAN!
U	APL	APL.exe	Sage Software's ACT! The application pre-loader (apl.exe) is a self contained executable that pre-loads the necessary .NET framework and ACT! 2005 assemblies. This pre-loading of assemblies enhances ACT! startup, view load and dialog load times in some areas of the application
?	Apmsrv9x	APMSRV9X.EXE	Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?
U	Apoint	Apoint.exe	Touchpad software for laptop PC's. For instance it is found on the Panasonic and Sony Vaio machines and allows part of the touchpad to be used for document or Web-page scrolling. Required for proper functioning of the pointing software but not required for the laptop to work
X	App*32.exe [ = random char]	App*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	App.EXEName	[path to worm].exe	Added by the BODIRU WORM!
U	Appcon	vAppCon.exe	Vital Application Console - part of POS-partner 2000 point-of-sale software from Vital. This is the taskbar icon and is enabled at startup by the "Auto-start when OS starts" option. Required for a connection to be established
X	appconn	appconn.exe	Added by the CARGAO WORM!
U	AppExtender	AppExtCB.exe	Loads the Confimax add-in for popular E-mail programs to confirm E-mails have been sent and received
X	appis.exe	appis.exe	Added by the AGENT-BC TROJAN!
X	AppletINIT	INITIATE.EXE	Added by the AGOBOT.XV TROJAN!
Y	Application	mdmsetsp.exe	Aztech Labs modem driver
X	Application Adapter	abvsvc.exe	Added by the CHECKOUT WORM! See here
U	Application Explorer	Naldesk.exe	Novell Zenworks Application Explorer Executable. "For almost all users the Novell ZENworks agent (either Application Launcher or Application Explorer) will be run via the user's login script on each successful login. ZENworks is used to periodically deliver software updates and is also used to install the remote management components."
U	Application Explorer	NalView.exe	Application Explorer - file manager type access to Novell Application Launcher for installing and updating network residing applications
U	Application Launcher	Application Launcher.exe	Application launcher from the Sony Ericsson PC Suite for their mobile phones
X	Application Layer Browser	abgsvc.exe	Added by the ULPM.FX TROJAN!
X	Application Layer Browser	apnsvc.exe	Added by the CHECKOUT WORM! See here
X	Application Layer Gateway Service	algs.exe	Added by the LINKBOT.M WORM!
X	Application Layer Scheduler	agtsvc.exe	Detected by PCTools as the IRCBOT.BJJ TROJAN! See here
X	Application Layer Services	avrsvc.exe	Detected by PCTools as the IRCBOT.BJM TROJAN! See here
X	Application Manager	acnsvc.exe	Added by a variant of the IRCBOT TROJAN!
X	ApplicationProtocolRun	smsbvl32.exe	Added by the IRCBOT-CX TROJAN!
U	AppPlus	AppPlus.exe	AppPlus - "menu bar or tray launcher that docks to your desktop, floats or sits in your System Tray. Create graphic/text-based buttons that launch any number of programs, Websites, e-mail addresses or folders (which open in the AppPlus Menu System)"
Y	Apvxd	APVXDWIN.EXE	Part of Panda Antivirus. Required to enable permanent virus protection
Y	Apvxdwin	APVXDWIN.EXE	Part of Panda Antivirus. Required to enable permanent virus protection
U	APVXDWIN	ClShield.exe	"Panda ClientShield with TruPrevent is designed for companies that want the best protection for their workstations. It protects against viruses and other known and unknown threats including spam, spyware, dangerous or time-wasting content, phishing scams, hackers and intruders"
Y	Apwheel	Apwheel.exe	Wheel support for an Alps mouse
X	apyginapygin	simenu.exe	Added by the SDBOT.BTR WORM!
U	AQ3HelperStartUp	AQ3HEL~1.EXE	ScreenScenes "Aquatica Water Worlds" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	aqadcup.exe	aqadcup.exe	Added by the AGENT.BG WORM!
Y	Aqua Dock	Aqua Dock.exe	Aqua Dock - "free program that allows you to have an ?OS X? style, nice animated launchbar / taskbar on your screen that reacts to your mouse when you mouse over it. Users can customize the look of each item on the dock and set various animation options for when the mouse is over an item on the dock. It is very easy to configure"
X	Aqujyjax	[path to file]	Added by the RANCK-CQ TROJAN!
X	Aqujyjax	aqujyjax.exe	Added by the SDBOT-YC WORM!
X	ara-key	[random filename]	Added by the ANTINNY WORM!
X	arcaderockstar	arcaderockstar32.exe	Arcade Rockstar (now Gamevance) - free arcade games and prize tournaments. The program itself is clean, but the TOS and privacy statement say that you agree to allow the program to track/report your surfing and put popup advertising on your computer
X	Archive	archive.exe	Adware - detected by Kaspersky as the CENTIM.A TROJAN!
X	ARCHIVE CONTROL	fixupdattr.exe	Added by the MYTOB.GU WORM!
N	ARCSolo Recovery	N/A	Backup software by Computer Associates - no longer supported
U	Ardamax Keylogger	akl.exe	Ardakey B keystroke logger/monitoring program - remove unless you installed it yourself!
N	ares	ares.exe	"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
N	areslite	AresLite.exe	"Ares is a free open source file sharing program that enables users to share any digital file including images, audio, video, software, documents, etc"
U	Argentum Backup	ab.exe	Argentum Backup - a small backup program that lets you easily back up your documents and folders
X	Aritima	aritima.exe	Added by the ARITIM WORM!
N	ARMOR2NET	Armor2net.exe	Related to Armor2net personal firewall (possibly contains or is related to an anti-spyware product known as ArmorWall, which is a spyware remover - not recommended, see here
X	aromis	aromis.exe	Added by the NUWAR.JQ WORM!
N	AROReminder	aro.exe	Advanced Registry Optimizer - "scan, identify, clean and repair errors in your Windows registry with a single click". Reminder that states that you are in trial mode
N	ARPWRMSG	ARPWRMSG.EXE	Related to HP and Compaq Desktop PCs. Read this article
U	Artera	arteraui.exe	Artera Turbo Internet Accelerator - "surf faster, boost download speed". Only required if you find it helps improve your performance
?	AS00 Gear511	Gear511.exe	Software for Netgear wireless network cards. Unknown whether it is required for the wireless card to run but does not seem to be a resource hog. Not required for laptop to run if the wireless network card will not be used. Is it at all required?
N	AS00_Gear511	Gear511.exe	Netgear wireless LAN configuration utility
U	AS00_WN511B	WN511B.exe	Netgear RangeMax NEXT wireless adapter configuration utility
?	AS00_WPN511	WPN511.exe	NetgearRev MFC Application - software for Netgear wireless network cards - what does it do and is it required in startup?
X	ASDPLUGIN	dsldbaccess.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	canada.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	france.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	fullgames.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	100171be.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	100176br.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	adult1.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	Austria.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	belgium nm.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	czech.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	dbaccess.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	dslgeaccess.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	Finland.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	geaccess.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	mexico.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	netherlands.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	turkey.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	uk nm.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	Xadult1.exe	AsdPlug premium rate adult content dialer variant
X	ASDPLUGIN	temp532.exe	AsdPlug premium rate adult content dialer variant
X	asdsaxcxz13	dasxcsx13.exe	Added by the LEGMIR-ARF TROJAN!
X	asdx	xwinrpc32.exe	Added by the AGOBOT.VO WORM!
N	ASE Scheduler	ASE Scheduler.exe	Aluria Software's spyware removal tool - we can't really recommend this product as Aluria have recently partnered with WhenU, the well known adware company, see here and here
Y	Ashampoo FireWall	FireWall.exe	Ashampoo FireWall Free version
Y	Ashampoo FireWall PRO	FireWall.exe	Ashampoo FireWall PRO version
U	Ashampoo PopUpBlocker	PopUpKiller.exe	Ashampoo popup blocker, part of Magical Security (was Privacy Protector Plus)
Y	ashAvast	ashAvast.exe	Part of Avast antivirus
X	ASHLT	Ashlt.exe	Ashlt adware
Y	ashMaiSv	ashmaisv.exe	Part of Avast! anti-virus software - E-mail scanner
X	Asicfc	icfca.exe	Added by the AGENT.AAJE WORM!
U	AsioReg	regsvr32.exe ctasio.dll	ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
U	AsioThk32Reg	rregsvr32.exe ctasio.dll	ASIO (Audio Stream In/Out) drivers for the SoundBlaster Audigy 2 series soundcards - for recording and home project studios. Required if you use this functionality
U	ASK	rundll32.exe [path] ASK.dll rdl	Stealth Keylogger keystroke logger/monitoring program - remove unless you installed it yourself! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	asl	Aslru.exe	Added by the BANCOS-CU TROJAN!
U	ASM	ASMonitor.exe	Active Security Monitor from AOL - helps you determine how vulnerable your PC is to computer viruses, spyware and other dangers and learn what steps you can take to improve your protection
U	Asmw Soft Popups Burner	popups burner.exe	Popup blocker, part of Asmw Soft PC Optimizer
X	asnconsole	msasn.exe	Added by the RBOT.EVU TROJAN!
X	ASocksrv	SocksA.exe	Added by the VB.CBW WORM!
X	asp-srvc	asp-srvc.exe	Added by the AGOBOT-KE WORM!
X	ASP.NET State Service	csrss.exe	Added by the DLOADER-QI TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	ASP.NET State Service	crsass.exe	Added by the BANLOAD-M TROJAN!
X	ASP.NET State Service	servicos..exe	Added by the DADOBRA-I TROJAN!
N	asp4tray	asp4tray.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
Y	AspireTimeMachine	acertmb.exe	System recovery software supplied with some Acer notebook PCs. Similar to GoBack and the restore program in WinXP, allowing you to restore a PC back to a working state with minimal re-entry
X	asrupdate.exe	asrupdate.exe	Added by the VB.ATZ TROJAN!
X	assistse	ASSISTSE.EXE	CnsMin (Chinese Keywords) hijacker related
X	AST	AST	Added by the TROJANDOWNLOADER.WIN32.VB.AH VIRUS!
X	AST	AST	Added by the VB.AH TROJAN!
X	AST	AST.exe	AutoStarter parasite
U	ASTART	astart.exe	ASUS TweakEnable - restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
X	AStart	AStart	Added by the VB.AH TROJAN!
N	asTray	Astray.exe	Voyetra Audio Station - part of Voyetra's Ultimate MP3 & CD Manager. MP3 and digital music jukebox/organizer
N	Astro	Astro.exe	Checks for updates to Quicken on a system reboot
N	ASUS Live Update	ALU.exe	ASUS Live Update utility for their motherboards
N	ASUS Probe	AsusProb.exe	ASUS video card fan/thermal monitor - only required if you overclock your card or live in a hot area
U	ASUS SmartDoctor	VGAProbe.exe	ASUS video card fan/thermal monitor
U	ASUS TweakEnable	astart.exe	Restores manually changed settings for ASUS based video cards such as overclocking. Only required if you use non-standard settings
N	ASUSKey	V38SHELL.EXE	System tray Icon for quickly changing video modes
U	asustweakenable	ATweak.exe	Asus tweaking utility - for fine tuning the settings of your ASUS display card
N	ASWDP	ASWDP.exe	MLS Pulse - real estate software. Keeps the home buyer/seller continually informed on the status of his/her local/regional real estate market
X	ASWnk	aswnk.exe	Adult content dialler
U	AT-Watch	ATWatch.exe	Anti-Trojan Watch - trojan detector
X	atapidrv	atapidrv.exe	Added by the AGOBOT-SL WORM!
U	atchk	atchk.exe	AMT Status Message from Intel. Users can manage this, read the article. See here for more information on Intel AMT
U	Athan	Athan.exe	Athan - an application that calculates and reminds the five daily Islamic prayer times for anywhere in the world
X	ATI Active Graphics Card Monitor	atievx.exe	Added by the IRCBOT-TL WORM!
X	ATI AS Filter	msnse.exe	Added by the RBOT-CCY WORM! Note - modifies the HOSTS file by appending numerous lines, preventing access to the virus cleaning websites
N	ATI CATALYST System Tray	CLI.exe SystemTray	System Tray access to ATI's CATALYST? CONTROL CENTER. Note that this has "SystemTray" appended to CLI.exe in the "Command" column of MSCONFIG. Not required to run the control center - which is available via a right-click on the desktop
N	ATI DeviceDetect	ATIDtct.EXE	Utility meant for future use of the ATI TV WONDER USB 2.0 video driver and can be disabled
X	ATI Display	ATIDisplay.exe	Added by the BDOOR-AFH TROJAN!
X	ATI Display Driver	atixd.exe	Added by the RBOT-FOV WORM!
X	Ati Display Settings	atividx.exe	Added by the RBOT-GAS WORM!
N	ATI GART Set-up Utility	Atigart.exe	Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
U	ATI Launchpad	launchpd.exe	Convenient way to start all your Multimedia Center applications (DVD, Video CD, CD Audio, File Player). You can right-click LaunchPad, and uncheck Load on Startup in the menu
X	ATI Rage3d Pro	AtiRage4dPro.exe	Added by the AGOBOT-OG WORM!
Y	ATI Remote Control	ATIRW.exe	Driver for the ATI REMOTE WONDER? RF remote control for ATI's All-In-Wonder graphic cards and other products. Required if you use it
Y	ATI Remote Control	ATIX10.exe	ATI Remote Wonder? - PC wireless remote control driver. Required if you use it
N	ATI Scheduler	Atisched.exe	Component that remains resident in memory and automatically launches the ATI VIDEO PLAYER at a user selected time and date. Delete the shortcut in the Start -> Programs -> Startup folder as well. Functions could re-enable the program to load at start-up and re-introduce the shortcut. Try it and see
N	ATI Task Application	Atitkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
N	ATI Task Application (Atikey)	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
X	ATI Technology Startup	techstart.exe	Added by the RBOT-AEU WORM!
X	ATI Video Driver Control	atigfx.exe	Added by the RBOT-FWL WORM!
X	ATI Video Driver Control	btorrent.exe	Added by a variant of the IRCBOT TROJAN!
X	ATI Video Driver Controls	[path to worm]	Added by the SDBOT-DDS WORM!
X	ATI VIDEO REGKEY	ati2vid.exe	Added by the SDBOT.UR WORM!
?	Ati2cwxx	Ati2cwxx.exe	For some ATI video cards. Probably used to access features and may not be required - for example the ATI Radeon works fine without it
X	Ati2evxx	Ati2evxx.com	Added by the BACKDOOR-CPC TROJAN!
X	ati2f104	ati2f104.exe	Added by the DLOADR-BBW TROJAN!
U	Ati2mdxx	Ati2mdxx.exe	System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
N	ATICCC	cli.exe runtime	ATI's CATALYST? CONTROL CENTER. Required if you want to change graphics settings on a regular basis but you must have internet access and Microsoft's .NET framework installed. Note that this has "runtime" appended to cli.exe in the "Command" column of MSCONFIG. Recommend that start the program manually via Start -> Programs -> ATI Catalyst Control Center -> Advanced -> Restart Runtime as it can casue problems when starting Windows
N	ATICCC	CLIStart.exe	Puts the ATI Catalyst? Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
X	aticpaxx.exe	aticpaxx.exe	Added by the RBOT-XP WORM!
U	AtiCwd	AtiCwd.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd	AtiCwd32.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd	Ati2cwad.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	AtiCwd.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	AtiCwd32.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
U	AtiCwd32	Ati2cwad.exe	This utility adds the ATI tab in the advanced display properties (gives the option for TV out). Do not uncheck if there is TV out on the video card
X	AtiDisplayDrv	atidrvxx.exe	Added by the RBOT-VZ WORM!
X	atidriver	reaIplayer.exe	Added by the WARPIGS-E WORM! Note the uppercase "I" in the filename, rather than a lower case "L"
N	AtiKey	AtiKey32.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
?	AtiKey	atiptkad.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
N	Atikey	Atitask.exe	System Tray access and key-combo shortcuts to common display functions on ATI video cards. Can be run from Start -> Settings -> Control Panel -> Display
U	ATIMACE	MACE.exe	ATI Technologies Control Centre - installed alongside ATI graphics hardware and provides additional configuration options for these devices in the Managed Access to Catalyst Environment (MACE) component
U	ATIModeChange	Ati2mdxx.exe	System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
X	AtiPanel	atip.exe	Added by the TACTSLAY.U TROJAN!
X	atipatxx	atipatxx.exe	Added by the SMALL-ED TROJAN!
U	ATIPOLAB	ati2evxx.exe	ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
U	ATIPOLAB	ati2evae.exe	ATI Polling Program - part of the ATI graphics driver e.g. on some Fujitsu-Siemens Notebooks
U	ATIPOLL	ati2evxx.exe	ATI External Event Utility EXE Module. This task can comsume lots of CPU resournces on some computers, but it can help with graphics card problems. Leave enabled unless it consumes too many CPU resources
U	AtiPTA	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTA	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTAAA	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	AtiPTAAA	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	atiptaxx	Ati2ptxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
U	atiptaxx	Atiptaxx.exe	Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
X	atiptext	atiptext.exe	Added by the COSIAM-A TROJAN!
U	AtiQiPcl	AtiQiPcl.exe	Used for hardware DVD decoding on ATI video cards supporting this feature. Not required unless you regularly play DVD's
U	ATISmart	ati2s9ag.exe	ATI's "SMARTGART", which is included with the "Catalyst" drivers. When the system boots, it runs a couple of bus tests & tries to apply the most stable settings
U	AtiSound	csrss.exe	WinSpy surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the "ComRoot" subfolder
X	atisrc2	windfind.exe	Added by the WINDFIND-A TROJAN!
X	ATITech	Active.exe	Added by the ROAMER-A TROJAN!
U	atitray	atitray.exe	ATI Tray Tools - allows quick access to ATI graphics card settings
U	AtiTrayTools	atitray.exe	ATI Tray Tools - allows quick access to ATI graphics card settings
X	atiupdate	ATIUPDATE5.EXE	Added by the DEBESKI.A TROJAN!
X	atiupdate	msshed32.exe	Added by the DELF.EP downloader TROJAN!
X	ATIUpdater	atiupdxx.exe	Added by the RBOT-ABX WORM!
X	Atiupdpl	atiupdpl.exe	Added by the SMALL.AOS TROJAN!
X	ativopen	ativopen.exe	Premium rate adult content dialler
Y	ATIX10	atix10.exe	ATI Remote Wonder? - PC wireless remote control driver. Required if you use it
?	ATKMEDIA	DMEDIA.EXE	ATK Media utility for ASUS laptops - what does it do and is it required?
X	Atl*.exe [ = random char]	Atl*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Atl*32.exe [ = random char]	Atl*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	ATM Control	adpn.exe	Added by the MMS.A WORM!
N	ATnotes	atnotes.exe	Loads the ATnotes program for virtual sticky notes for your desktop. Available via Start -> Programs
U	Atomic Time Synchronizer	TimeSync.exe	TimeSync - lets you synchronize your computer's clock with any internet atomic clock
X	Atomic-x27	Atomic-x27.exe	Added by the KATOMIK-A WORM!
X	Atomic-x27C	AtomicpartC.exe	Added by the KATOMIK-A WORM!
U	Atomic.exe	Atomic.exe	Atomic Clock Sync - synchronizes your computer's time with the NIST time server
N	Atomica	atomica.exe	Atomica runs from the System Tray and allows the user to find out more about a word or phrase on any screen by pointing at it with the mouse and clicking button one while holding down the Alt key
U	AtomicTime	ATOMICTIME.EXE	AtomicTime - utility that synchronizes your PC clock to an atomic clock
U	Atrack	atrack.exe	New feature of Norton Internet Security (NIS) and Norton Personal Firewall (NPF) 3.0 is the Alert Tracker, an instant notification feature. The Alert Tracker displays information about events as they happen. This way, when a rule has been triggered or an access to the Internet made, you know about it immediately rather than finding out about it when you check your logs or notice that the NIS icon indicates a security alert
U	Atray	Atray.exe	Active Tray is a utility which lets you configure the system tray. You can also create your own tray icons
U	ATSpooler	AppsTraka.exe	DeskTopScout keystroke logger/monitoring program - remove unless you installed it yourself!
U	ATTBroadbandUpdate	SAUpdate.exe	Big Brother from Quest Software. System and network monitor
U	ATTRedUpdate	AutoUpdate.exe	Additional item added to start-ups after AT&T took over the now bankrupt Excite@home high-speed internet service. Included for automatically downloading and installing updates. Leave it unless you plan to regularly run it to check for updates
X	AttuneClientEngine	attune_ce.exe	Aveo Attune automated helpdesk software - adware/spyware
X	AttuneContentUpdater	attune_cu.exe	Aveo Attune automated helpdesk software - adware/spyware
X	AttuneDiscovery	attune_di.exe	Aveo Attune automated helpdesk software - adware/spyware
X	Attunel	Attunel.exe	Aveo Attune automated helpdesk software - adware/spyware
X	AttuneSystray	attune_st.exe	Aveo Attune automated helpdesk software - adware/spyware
N	aTuner	atuner.exe	aTuner - tweak tool for GeForce based graphics cards
Y	atwtusb	atwtusb.exe	USB interface for Aiptek Graphics Tablet (USB)
X	AtxBrw	Iexplor.exe	"Pop Marketing" adware
U	au	DealioAu.exe	Dealio Toolbar is a free shopping comparison toolbar that allows users to search for a wide range of consumer products
U	AU Agent	AUagent.exe	Au Agent from Zilab Software. Win2K/NT enhancement tool. Allows you to run applications under any security context without closing the whole logon session to process a new logon
X	au.exe	au.exe	Added by the BEAGLE.B WORM!
Y	AUCBPNP	aucbnpn.exe	Adaptec USB CardBus Safe-Eject - driver for the Adaptec USB 2.0 CardBus which provides USB 2.0 ports for laptop users via a PCMCIA card slot
X	Aucompat	Aucompat.exe	Added by the GEMA TROJAN!
X	Audcntr	audcntr.exe	Added by the GEMA TROJAN!
?	AudCtrl	RunDll32 AudCtrl.dll, RCMonitor	Audio control panel?
X	audi32	audi32.exe	Added by the RANCK-FL TROJAN!
X	AUDIO	SOUND.exe	Added by the PLOYB-A TROJAN!
X	Audio Device Manager	winfp.exe	Detected by PCTools as the IRCBOT.BIV TROJAN! See here
X	Audio Device Manager	WinNT.exe	Added by the BANKER.BTG TROJAN!
X	Audio Device Manager	WNDXP.exe	Detected by Kaspersky as the IRCBOT.AJL TROJAN! See here
X	audiocfg.exe	audiocfg.exe	Added by the VB.ATE WORM!
X	Audiocntl	audiocntl.exe	Added by a variant of the CRYPTER.C TROJAN!
N	AudioDeck	ADeck.exe	ADeck.exe is a system tray application for VIA's sound cards which offers quick access to a number of sound card related items
X	Audiodrv	audiodrv.exe	Added by the CRYPTER-C TROJAN!
U	AudioDrvEmulator	DLLML.exe AudDrvEm.dll	Related to Creative DLL Module Loader for the Sound Blaster X-Fi (and maybe others). This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
N	AudioHQ	Ahqtb.exe	For Creative Soundblaster Live! series soundcards. System tray application for SB Live! functions. Available via Start -> Programs
X	AudioHQ	audiohq.exe	Added by the BANKER-EHK TROJAN!
N	AudioHQU	AHQTBU.EXE	System Tray application installed with the drivers for Creative Labs SoundBlaster Live! Can be run from Start -> Programs
X	audioinf	audioinf.exe	Added by a variant of the CRYPTER.C TROJAN!
X	audlmne32	dcmsxe.exe	Added by the MAILBOT-CF TROJAN!
X	auloadplx	mplprogsm.exe	Added by the SLAPER.K TROJAN!
X	AUNPS2	RUNDLL32 AUNPS2.DLL, _Run@16	AUNPS adware
X	aupd	symcsvc.exe	Added by the ABWIZ.D TROJAN!
X	aupd	sysvcs.exe	Added by the ABWIZ.C TROJAN!
X	aupd	sywsvcs.exe	Added by the ORSE-M TROJAN!
Y	Aureal A3D Interactive Audio	sa3dsrv.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
Y	Aureal A3D Interactive Audio Init	A3dInit.exe	For Aureal based 3D soundcards. A3D sound features won't work with this disabled
X	ausvc	ausvc.exe	Added by the AUTOUPDER TROJAN!
X	Auth Starter Ident	startauth.exe	Added by the RBOT-WP WORM!
Y	Authentic-ID Toolbar	wintmr.exe	System Tray access to Child Control parental control software by Salfield
Y	Authentic-ID Toolbar	rundll32.exe [path] ToolbarATL.dll, LoadTrayIcon	Authentic-ID Toolbar - website authentication utility. Warns you when a site is recognized for phishing or isn't authentic, for example
X	authz	authz.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	auto	win32.exe	Added by the SMALL!SD5 TROJAN!
X	Auto CD-ROM Startup	cdaccess.exe	Added by the SPYBOT.BLA WORM!
U	Auto EPSON Stylus C45 Series on X	E_S4I3T1.EXE	Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C48 Series on X	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C48 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C60 Series on X	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C62 Series on X	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C82 Series on X	E_S0HIC1.EXE	Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C84 Series on X	E_S4I2D1.EXE	Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus C87 Series on X	E_FATIABL.EXE	Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX3200 on X	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus CX3200 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX3600 Series on X	E_FATI9BE.EXE	Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX3800 Series on X	E_FATIACA.EXE	Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX4200 Series on X	E_FATIAEA.EXE	Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX4500 Series on X	E_FATI9AP.EXE	Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX5400 on X	E_S4I2G1.EXE	Epson Status Monitor 3 for the Stylus CX5400 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX6000 Series on X	E_FATIBIA.EXE	Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX6400 on X	E_S4I2L1.EXE	Epson Status Monitor 3 for the Stylus CX6400 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX6600 Series on X	E_FATI9EE.EXE	Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus CX7800 Series on X	E_FATIACA.EXE	Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus D78 Series on X	E_FATIBGE.EXE	Epson Status Monitor 3 for the Stylus D78 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus D88 Series on X	E_FATIABE.EXE	Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus DX3800 Series on X	E_FATIACE.EXE	Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus DX4800 Series on X	E_FATIADE.EXE	Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus DX6000 Series on X	E_FATIBIE.EXE	Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R1800 on X	E_FATI9LA.EXE	Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R200 Series on X	E_S4I2H1.EXE	Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R200 Series on X	E_S4I0H2.EXE	Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R220 Series on X	E_FATIAIE.EXE	Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R260 Series on X	E_FATIBNA.EXE	Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R300 Series on X	E_S4I2F1.EXE	Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo R320 Series on X	E_FATI9FA.EXE	Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo RX420 Series on X	E_FATI9CE.EXE	Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo RX500 on X	E_S4I2K1.EXE	Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Photo RX600 on X	E_S4I2M1.EXE	Epson Status Monitor 3 for the Stylus Photo RX600 Series printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
U	Auto EPSON Stylus Pro 7600 on X	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc. "X" represents the computer's network name, ie, PAULS-PC, PETES-LAPTOP, etc
X	Auto File System Conversion Utility	scricon.exe	Added by the SDBOT.EYB WORM!
X	auto repair system	qualityx.exe	Added by an unidentified WORM or TROJAN - probably a SPYBOT variant
U	Auto Switch	TASKBAR.exe	Related to 2-port Bitronics AutoSwitch kit from Belkin
N	Auto T Bar	autotbar.exe	If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
X	Auto Updat	WindowsSys32.exe	Added by a variant of the FORBOT WORM!
X	Auto updat	crcss.exe	Added by the SDBOT.AAG WORM!
X	Auto Update	AUP.exe	Added by an unididentified WORM or TROJAN!
X	Auto Update	dma.exe	Added by the RBOT-AVO WORM!
X	Auto Update	svchost.exe	Added by the DUMARDI-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Auto Updates	svchost.exe	Added by the CHEUKO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Auto WinUpdate	taskmrg.exe	Added by the RBOT-AFA WORM!
X	AutoAdministrator	SERVICES.EXE	Added by the PUNYA-A WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
U	Autobar	autobar.exe	Connect buttons on the keyboard for internet direct access, etc. on HP computers
U	AutoCAD Startup Accelerator	acstart16.exe	Preloads some libraries that are used by AutoCAD in order to make the software load faster
U	autoclk	autoclk.exe	Autoclik is a Windows utility "that allows you to perform all mouse activity with absolutely no clicking"
N	AutoEA	Ahqrun.exe	For Creative Soundblaster Live! series soundcards. Specify for any audio application what audio preset to automatically associate with currently active speaker output. Available via AudioHQ
X	AUTOEXE	AUTOEXE.exe	Added by the SEMAPI-A WORM!
X	autoload	cftmon.exe	Detected by Symantec as the SILLYFDC WORM! See here
X	autoload	spooll.exe	Detected by Symantec as the SILLYFDC WORM! See here
X	autoload	windowsupdate.exe	Detected by Trend Micro as the POLYCRYP.DY TROJAN! See here
X	Autoloaderaproposclient	Apropos_Client_Loader.exe	AproposMedia adware
X	Autoloaderaproposclient	cxtpls_loader.exe	AproposMedia adware
X	AutoLoaderEnvoloAutoUpdater	auto_update_loader.exe	Envolo/AproposMedia adware updater
N	AutoMate Task Service	automate.exe	Task scheduler for Unisyn Automate 4 task automation/macro running software. Available via a desktop shortcut or Start -> Programs
U	AutoMate5	Am5HkWnd.exe	"Automate is the Leading Software for Automation of front and back-office business processes.It provides all the tools necessary to completely automate business processes, regardless of their complexity"
U	AutoMate6	AMEM.exe	AutoMate 6 for automating repetitive tasks
X	Automated Windows Updates	wauclt.exe	Added by the GAOBOT.AJD WORM!
X	Automatic Defrag Manager	defrag.exe	Added by the RBOT-AKE WORM!
X	Automatic Media Update	CACHE.RVD	Added by an unidentified WORM/TROJAN!
X	Automatic Media Update	HPLNT32.RVD	Added by an unidentified WORM/TROJAN!
X	Automatic Microsoft Windows Updater	suchost.exe	Added by the RBOT-EQ WORM!
X	Automatic Updates	algs.exe	Added by the IRCBOT-AAM TROJAN!
X	Automatic Windows Updater	Update.exe	Added by the GAOBOT.AO WORM!
N	Automatically launches the United Devices Agent when you start your computer	UD.EXE	The United Devices Agent can recycle your PC's unused resources and use them to perform valuable scientific and medical research without disturbing your usual computer use - similar to SETI@home but for medical research. Available via Start > Programs
X	Autopdate	Autopdate.exe	Added by the RBOT-AGL WORM!
N	AUTOPROP	REGPROP.EXE WMPADDIN.DLL	Both the files are in the MS Office/Bots/FP_WMP directory. Apparently, it registers the FrontPage WiMP extension
X	AUTOPROTECTU	navapq32.exe	Added by an unidentified WORM or TROJAN!
X	autorepair	dexs.exe	Added by a variant of the SDBOT WORM!
U	Autoroute SMTP	AutoSmtp.exe	Autoroute SMTP - "automatic switching between SMTP servers depending on what network you are currently working in." You need to have two Internet service providers
X	autorun	autorun.exe	Added by the AUTOM-B WORM!
X	autorun	sxs.exe	Added by the SMALLVBS-A WORM!
X	autorun	winmain.exe	Added by a variant of the DLEF.CNS TROJAN!
X	autorundemo	[path to trojan]	Added by the AGENT-FPX TROJAN!
?	AutoShutdown	pssvc.exe	Utility to fix vCard Export in MS Outlook 2000 - although why are these together?
U	AutoSizer	AUTOSIZER.EXE	AutoSizer - utility that automatically maximizes windows when they're opened
N	AutoSpell	autospel.exe	AutoSpell - spell checker (version 6.*)
N	AutoSpell 5	ASWATC32.EXE	AutoSpell - spell checker
U	AutoSys	autosys.exe	Winguardian surveillance software. Uninstall this software unless you put it there yourself
N	autotbar	autotbar.exe	If you disable the HP VIEW toolbar in IE and rearrange the toolbars on a reboot they will be back as they were before if this is left enabled
N	AutoTKit	AUTOTKIT.EXE	On HP PC's. Unclear what purpose it serves - but there's a known issue with Internet Explorer Toolbar settings not being saved with it enabled
N	autoupd	autoupd.exe	Raxco Software Auto Update utility."Used to keep your software up-to-date"
X	autoupd	autoupd.exe	Added by an unidentified VIRUS, WORM or TROJAN! - found in a folder of the same name
X	autoupdate	WINUP2DATE.DLL, SHStart	Unidentified adware - detected by Panda antivirus as the CLICKER.CY TROJAN!
X	autoupdate	rundll32 DATADX.DLL, SHStart	Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "DATADX.DLL" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	autoupdate	rundll32 SUPDATE.DLL, SHStart	Added by a variant of the QOOLOGIC TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SUPDATE.DLL" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	AutoUpdate	smss.exe	Added by a variant of the WINSPY.AA TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "debug64" subfolder of the Winnt or Windows folder
X	Autoupdate Service	kaka.exe	Added by the SYMPE-B TROJAN!
X	AutoUpdater	aupdate.exe	Tinybar variant
X	AutoUpdater	AutoUpdate.exe	PeopleonPage foistware
X	autoupdatev2	[path to file]	Added by the DROPPER-BM TROJAN!
X	autoupdatev2	autoupdatev2.exe	Detected by Kaspersky as the AGENT.FQ TROJAN!
X	AutoVirusProtection	ciscv.exe	Added by a variant of the RBOT WORM!
X	auto__antiav__key	antiav_exe.exe	Added by the BAGLEDI-AA TROJAN!
X	auto__hloader__key	hloader_exe.exe	Added by the BAGLE.AB TROJAN!
X	aux.exe	aux.exe	Added by the ZINS TROJAN!
X	auxAudioDevice	aux32.exe	Added by the AIZU WORM!
N	AUXXTRAY	au30setp.exe	System Tray application for Aureal Vortex based soundcards. Can be run manually via Start -> Settings -> Control Panel
X	AV	UPDATE-28062004.exe[25 blank spaces].vbs	Added by the MIDFIN WORM!
X	AV Client	patch31345.exe	Added by the MYDOOM.AD WORM!
X	AV Industry	patch31345.exe	Added by the MYDOOM.AD WORM!
X	AV UpDate	Update.exe	Added by the FUROOT-A TROJAN!
N	AvaFind	AvaFind.exe	AvaFind file search utility
X	AVantivirus	Avconsol.exe	Added by the MSNVB-D WORM!
X	avast	troyan.exe	Added by the SMALL.CZ TROJAN!
Y	Avast!	ashserv.exe	Part of Avast! anti-virus software
Y	avast!	ashDisp.exe	Part of Avast! anti-virus software
Y	avast! Web Scanner	Ashwebsv.exe	Part of Avast! anti-virus software
Y	Avast32	Astart32.exe	Part of Avast! anti-virus software
X	avc	avmon.exe	Added by an unidentified TROJAN!
U	AvconsoleEXE	Avconsol.exe	From McAfee VirusScan up to version 4.x and Dr Solomon's VirusScan. Used to schedule regular scans. If you don't have scans scheduled you don't need it
X	Avengine	Avengine.com	Added by the DELF.LJ TROJAN!
X	AveoAttune	atmdlusr.exe	Aveo Attune automated helpdesk software - adware/spyware
U	AVFX Engine	StartFX.exe	Advanced Video FX - supported by a number of Creative Web Cameras. "Have more fun by adding a wide range of special effects and backgrounds to your video chat with Advanced Video FX"
X	AvG	svchost323.exe	Added by the RBOT-ZA WORM!
Y	AVG Anti-Virus system	avgcc.exe	AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
X	Avg Antivirus	icpldrvx.exe	Added by the BANKER.BYU TROJAN!
X	AVG Grisoft Updater	updater.exe	Added by the AGOBOT-OT WORM!
Y	AVG7_AMSVR	Avgamsvr.exe	AVG antivirus related
Y	AVG7_CC	AVGCC.exe	AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Y	AVG7_CC	avgcc.exe	AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Y	AVG7_EMC	AVGEMC.exe	AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Y	AVG7_Run	avgw.exe	AVG Anti-Virus 7.0 related
U	AVG8_TRAY	avgtray.exe	System Tray access to AVG internet security software
Y	avgamsvr.exe	Avgamsvr.exe	AVG antivirus related
Y	avgcc32	avgcc32.exe	AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Y	AVGCtrl	AVGCtrl.exe	Part of AntiVir? PersonalEdition Classic antivirus
Y	avgfwsrv	AVGFWSRV.EXE	Firewall part of the AVG Plus Firewall Edition
Y	avgmsvr.exe	avgmsvr.exe	AVG Anti-Virus 7.0 related
Y	AVGnt	AVGnt.exe	AntiVir? PersonalEdition Classic antivirus. System Tray icon and control program
Y	Avgserv9.exe	Avgserv9.exe	AVG antivirus background monitoring
Y	AVGuard	AVGuard.exe	AntiVir? PersonalEdition Classic antivirus. Background task which scans files transparently
Y	AVG_CC	avgcc32.exe	AVG anti-virus control center. Also enables scheduled tests, Outlook E-mail plug-in and automatic updates
Y	AVG_EMC	AVGEMC.exe	AVG Anti-Virus 7.0 Email Cleaner. Scans incoming and outgoing email for viruses
Y	AVG_RegCleaner	AVGREGCL.exe	AVG Anti-Virus 7.0 Registry Cleaner - for checking the registry for virus additions and other security problems
X	avidrv	drvsc.exe	Detected by Kaspersky as the AGENT.PH TROJAN!
X	Avimgt	Avimgt.exe	Added by the GEMA TROJAN!
X	Avimgt32	Avimgt32.exe	Added by the GEMA TROJAN!
Y	avinit	AVINIT9X.EXE	Command Antivirus related
Y	AVK Mail Checker	AVKPop.exe	eXtendia AVK AntiVirus email checker
Y	AVKBar	AVKBar.exe	GData AntiVirusKit Anti-virus
U	AVKTray	AVKTray.exe	System Tray access to AntiVirenKit InternetSecurity from G DATA Software AG
Y	AvMaiSrv	Avmaisrv.exe	Part of Avast! anti-virus software - E-mail scanner
Y	AVMWlanClient	wlangui.exe	Related to broadband products from avm.de
X	avnort	formatsys.exe	Added by the SERFLOG.A WORM!
X	avnort	msmbw.exe	Added by the SERFLOG.A WORM!
X	avnort	serbw.exe	Added by the SERFLOG.A WORM!
Y	avp	avp.exe	Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory
X	AVP	[path to trojan]	Added by the MUTBO-A TROJAN!
X	avp	avp.exe	Detected by Kaspersky as the ALPHABET.B TROJAN!
X	avp	win.tmp.exe [ is a number]	Added by a variant of the ALPHABET TROJAN!
X	avp	xar6000v7.exe	Detected by Kaspersky as the ALPHABET.B TROJAN!
X	AVP-SE	avp-32.exe	Added by the AGOBOT.FS WORM!
X	avpa	avpo.exe	Added by the LEGMIR-ARK TROJAN!
Y	avpcc	avpcc.exe	Kaspersky Labs anti-virus
Y	avpm	avpm.exe	Kaspersky anti-virus
X	AvpM	AvpM.exe	Added by the STARTPAGE-ID TROJAN! Note - this is not the popular Kaspersky antivirus and this file is located in the WINDOWSpchealthUploadLBConfig directory
X	avpms	avpms.exe	Detected by Kaspersky as the ONLINEGAMES.CPV TROJAN! See here
X	Avpr	avpr.exe	Added by the MYDOOM.AF WORM!
X	AVPSrv	AVPSrv.exe	Added by the ONLINE-GEN TROJAN!
X	avptask	[path to trojan]	Added by the NOFERE-G TROJAN!
X	avptask	expl0rer.exe	Added by the AGENT.JJO TROJAN!
X	Avptask	rund1132.exe	Added by the AGENT.PKZ TROJAN!
X	AvpWx	WErcx.exe	Detected by Kaspersky as a variant of the AGENT.A TROJAN!
X	Avril Lavigne - Muse	[random filename]	Added by the AVRIL-A WORM!
Y	AVSCHED32	AVSched32.exe	AntiVir? PersonalEdition Classic - antivirus
Y	AVSchedScan	SCHSC9X.EXE	Command Antivirus related
X	AvSer	dsm.exe	Added by the SERFLOG.B WORM!
X	AvSer	msmpatch.exe	Added by the SERFLOG.B WORM!
X	AvSer	svosm.exe	Added by the SERFLOG.B WORM!
X	AvSer	sysup.exe	Added by the SERFLOG.B WORM!
X	avserve.exe	avserve.exe	Added by the SASSER WORM!
X	avserve2.exe	avserve2.exe	Added by the SASSER.B or SASSER.C WORMS!
X	avserve3.exe	avserve3.exe	Added by the SASSER.G WORM!
U	AVStation premium	AVStation agent.exe	Related to Samsung AV Station - instant playback of music, photos, videos
X	avtapi	avtapi.exe	Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"
N	Avtray	Avtray.exe	Command Antivirus tray icon
X	AVupdate32 Update	AVupdate32.exe	Added by the RBOT.CNI TROJAN!
?	AVWLPSTA	AVWLPSTA.exe	PRISM Status Tray Applet - but what is it for and is it required?
Y	AVWUpd32	AVWUPD32.EXE	AntiVir? PersonalEdition Classic - updater
Y	avx communicator	xcommsur.exe	Anti-virus part of BitDefender virus scanner/firewall
Y	Avxlive	avxlive.exe	Bullguard or BitDefender antivirus
Y	avxlni	avxinit.exe	Anti-virus part of BitDefender virus scanner/firewall
?	Avxnews	??	??
U	Awatch	Awatch.exe	Diagnosis tool that monitors DSL connections, installed alongside DSL drivers from AVM Fritz's range of modem products
U	AwaySch	AwaySch.EXE	Part of the IBM ThinkVantage Productivity Center. "The Away Manager application allows you preselect and run routine tasks to maintain your system's performance"
N	awhost32	awhost32.exe	Part of Symantec's pcAnywhere remote PC management software. Provides an automatic startup of the client PC in host mode in conjuction with a host-definition file, so system administrators can access the machine. Can cause a 10% reduction in speed and not recommended
U	AWMON	Ad-Watch.exe	Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
U	AWMON	Ad-Monitor.exe	F-Secure Anti-Spyware
U	awplite	awplite.exe	AllWallpapers Lite desktop wallpaper channger
?	AWUSGSTA	AWUSGSTA.exe	Reportedly related to a USB Wifi Adapter - is it required at startup?
U	awxDTools	awxDTools.dll, awxRegisterDll	AwxDTools related - a Windows Shell-Extension for the Daemon-Tools. It extends the context-menu of ImageFiles supported by Daemon-Tools (i.e.: .cue, .iso, *.ccd ...)
?	AxFilter	Rundll32 AXFILTER.DLL, Rundll32	??
X	AXVenore	AXVenore.exe	Added by an unidentified TROJAN - see here
U	AzMixerSel	AzMixerSel.exe	Related to Realtek_Azalia Mixer Selector
Y	azmodem	azexe.exe	Aztech Labs modem driver
?	a_vpd	vpd.exe	Located in the IBMTOOLSVPD sub-directory. What does it do and is it required?
N	B'sCLiP	BSCLIP.exe	CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
X	b.exe	b.exe	Added by the SDBOT.BND WORM!
N	B.Reader	remin.exe	Birthday Reminder 5.0 - as the name implies
X	b3d	BDEsecureinstall.exe	B3d Projector foistware - periodically trys to access the internet. (1) Uninstall it via Start -> Settings -> Control Panel -> Add/Remove Programs. (2) Remove the BDEsecureinstall.exe if still present in the "System" directory. (3) Disable and ideally delete it from the registry. (4) Remove the "BDE" directory and all its contents
X	b3dUpdate	Zupdate.exe	Associated with B3d Projector foistware - see here
U	b9	B9.exe	FireTrust Benign - allows you to receive e-mail which is safe from viruses, worms, scripts, web bugs, privacy threats and other security risks, without affecting your e-mail. "Benign neutralizes or strips out the code that makes viruses, worms, scripts and other potentially harmful things run"
X	b99	msmm.exe	ClientMan parasite variant
X	bab	svchst32.exe	Added by the AGENT.Q TROJAN!
X	babeie	rundll32 cnbabe.dll, dllstartup	CommonName Toolbar spyware. To uninstall see here
N	Babylon Client	Babylon.exe	Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
N	Babylon Translator	Babylon.exe	"Babylon-Pro is a powerful information tool that instantly provides relevant information, translations & conversions for any word or value you click on"
X	Back Updates	Uninstall.log.vbs	Added by the YPSAN.D WORM!
U	Back2zip	Back2zip.exe	Back2zip is a simple and elegant backup solution which uses the industry's most powerful ZIP and ZIP-64 technologies to constantly monitor your documents and make sure that they are always properly backed up
X	Backdoor.NuAgent	agent.exe	Added by the AGENT-DP TROJAN!
X	Background Intelligent Transfer Service	rundll32.exe	Added by the VB-ZD TROJAN! Note - this file is located in the C:Windowshelp folder, and is not to be confused with the legitimate rundll32.exe file!
U	BackgroundSwitcher	bgswitch.exe	Originally included with Microsoft's XP PowerToys (but now withdrawn - see here, Background Switcher allows your desktop background to periodically change
U	BackgroundSwitcher	BackgroundSwitcher.exe	John?s Background Switcher (or JBS for short) periodically changes the background image on your computer (like every hour or every day) to something interesting
N	Backpack UDF	bpudfmon.exe	Backpack UDF packet writing software for Microssolutions' Back Pack external CD-RW drive. Similar to DirectCD. Run manually before insert an appropriately formatted CD-RW disk
X	backup	[path to worm]	Added by the AGOBOT-H WORM!
X	Backup Service	backup.svc	Unidentified adware
U	Backup4all OTB Agent	B4AOTB.exe	"Backup4all is an award-winning data backup software for Windows. This backup utility was designed to protect your valuable data from partial or total loss by automating backup tasks, password protecting and compressing it to save storage space"
U	BackupExecScheduler	besch.exe	Veritas "Back Up My PC" software
?	BackupNotify	backupnotify.exe	HP Digital Imaging related. What does it do and is it required?
N	BackWeb	backweb.exe	Automatically detects an internet connection and downloads any available updates. Typical on Compaq and HP PC's but not restricted to those OEM's. Resource hog and often causes malfunctions. Available via Start -> Programs
N	Backwork	Backwork.exe	Backwork trojan detector
U	BACPI10	bacpi10a.exe	Known as "PowerKey" - a minimalistic keyboard driver that allows power management keys on BTC keyboards to function properly in older OS's (i.e. Win95/98/NT4). Also adds an icon to the system tray
N	BacsTray	BacsTray.exe	Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
X	BADDATE	BADDATE.EXE	Added by an unidentified VIRUS, WORM or TROJAN!
X	BagleAV	csrss.exe	Added by the NETSKY.AB WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	Bakra	IEHost.EXE	Added by the MULTIDR-AH TROJAN!
X	bal	SYSMONMS.EXE	Added by the FAKEALERT TROJAN!
X	Band-Aid	[path to file]	Added by the RANKY.O TROJAN!
U	bandmon	bandmon.exe	Rokario Bandwidth Monitor
X	Bandook	ali.exe	Added by the EXEMAS-B TROJAN!
U	Bandwidth Monitor Pro	Bandwidth Monitor Pro.exe	Bandwidth Monitor Pro - utililty to track your current download/upload limit that may be set by your ISP
U	Banpopup by Pratik	Banpopup.exe	Banpopup - popup killer
X	bantool	ie_ban.exe	Detected as the VB.PO TROJAN!
X	Bar Ding lolt	Analiz.exe	Added by the RBOT-RP WORM!
X	bargains	bargains.exe	BargainBuddy foistware
X	bargains	bargainbuddy.exe	BargainBuddy foistware
?	Bart Station	station.sbrt	Related to PeoplePC ISP. May be a dialler for dial-up accounts?
U	Bart Station	PPCOLink.exe	Dialer for PeoplePC ISP
X	BarTheme	bartent32.exe	Added by the AGOBOT-UG WORM!
N	bascstray	BascsTray.exe	Broadcom Advanced Control Suite - for modems and set top boxes based upon Broadcom chipsets. Not required unless you have networking problems
X	Bat	secure2.bat	Added by the ZCREW.C TROJAN!
N	Batchreg1	N/A	Part of the Windows System Recovery process. Added to the registry via Msbatch.inf. The existence of this key or process after the last reboot during installation indicates an unsuccessful installation, as that key should be deleted automatically. See here
U	BatInfEx	rundll32.exe	Displays battery status information on an IBM Thinkpad
X	BatSrv	batserv2.exe	Detected by Kaspersky as the LOCKSY.M WORM!
U	Battery Scope	batmgr.exe	Monitors battery levels on a notebook/laptop PC
U	BatteryBar	batterybar.exe	BatteryBar - displays battery usage, and the current percentage of battery power left
X	BatzBack	BatzBack.scr	Added by the BACKZAT WORM!
U	BAUSB	BAUSB.exe	Boston Acoustics Audio, USB driver
X	bawindo	bawindo.exe	Added by the BEAGLE.AR or BEAGLE.AU WORMS!
U	BayMgr	DockApp.exe	Hot-swappable drive management on laptops allowing you to change drives without closing down Windows. Only required if you frequently swap bay devices
U	Bayswap	bayswap.exe	Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
U	Bayswap2	TbUpdate.exe	Hot-swappable drive management on Compaq Notebooks which allows you to swap drives without closing down Windows. Only required if you frequently swap bay devices
N	BBC Alerts	BBC_Alerts.exe	BBC Alerts - "You can now have all the latest news and sports headlines delivered straight to your desktop with the new BBC Alerts service"
U	BBC News alerts	skinkers.exe	BBC News Desktop Alerts service - see here. Desktop alert and breaking news e-mail services let you find out about all the latest news as it happens
?	BBDial	BT Broadband.exe	Part of BT Broandband - is it required?
N	BBLauncher.exe	BBLauncher.exe	BounceBack Professional - back-up software
N	bbSysTray	bbSysTray.exe	Philips CD-RW related - "the 'Blue Button' feature gives users the chance to receive convenient online support for their possible device problems or questions"
U	bbui	bbui.exe	AOL DSL status monitor displaying a red/green icon indicating if you have a connection
U	bca	bca.exe	BeClean Agent - registry, history, temp files, etc cleaner
U	BCDetect	bcdetect.exe	Bcdetect.exe searches the system to make sure Creative drivers are installed for the video card. It loads the BlasterControl when the drivers are detected. Your choice - try it and see
Y	BCMDMMSG	bcmdmmsg.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
U	BCMHal	rundll32.exe bcmhal9x.dll, bcinit	BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
Y	BCMSMMSG	BCMSMMSG.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
?	bcmwltry	bcmwltry.exe	Broadcom Corporation Wireless Network Tray Applet. Is it required?
N	BCNT	bcnt.exe	AWS Weatherbug related. What does it do?
X	BCPC	bcpc.exe	BroadcastPC adware variant
X	bcpc_c	bcpc_c.exe	BroadcastPC adware variant
U	BCTweak	bctweak.exe	BlasterControl for Creative video cards - controls for desktop settings, monitor configuration, colour adjustments and performance tuning. May be needed to retain settings
X	Bcvsrv32	bcvsrv32.exe	Added by the GAOBOT.BQJ WORM!
X	Bcvsrv32	he3.exe	Added by the AGOBOT.AKB WORM!
X	Bcvsrv32	msxml22.exe	Added by the AGOBOT.AKH WORM!
N	BCWipeTM	bcwipetm.exe	BCWipe Task Manager - scheduler for BCWipe so that it runs at convenient times. You can set a time for running the task, as well as special options for the task. Run manually when needed
X	BD	dc.exe	Added by the RASDOOR-A TROJAN!
U	BDAgent	bdagent.exe	BitDefender antivirus
Y	BDMCon	Bdmcon.exe	BitDefender antivirus
Y	BDNewsAgent	bdnagent.exe	BitDefender antivirus - updater
Y	BDOESRV	bdoesrv.exe	Bitdefender 8 antivirus and firewall
Y	BDSwitchAgent	bdswitch.exe	Bitdefender 8 antivirus and firewall
U	BearFlix	BearFlix.exe	BearFlix is optimized for the fast download of video files
N	BearShare	bearshare.exe	BearShare file sharing client. Versions known to include spyware - see here
U	BeatNik Internet Clock	BeatNik.exe	BeatNik Internet Clock is a Windows clock add-on that supports 'skins'. It can also synchronize your computer's clock with an atomic clock
X	Beawver	saqevre.exe	Added by a variant of the RANKY TROJAN!
X	Beegees Update	beegees.exe	Added by the SDBOT-ADK WORM!
?	BEEI	beei.exe	??
U	BeFaster	befaster3.exe	BeFaster internet connection optimization tool
?	BEHL	BEHL.exe	??
?	BEHLO	BEHLO.exe	??
U	beidsystemtray	beidsystemtray.exe	Related to Belgium Identity Card card reader
N	Belkin PCMCIA WLAN Monitor	monitorbk.exe	Belkin USB Network Adapter Management utility - can be started manually
N	Belkin Wireless Utility	Belkinwcui.exe	Wireles configuration utility for some Belkin cards such as the Wireless G Desktop Card
U	BellSouthAlertManager.exe	BellSouthAlertManager.exe	Related to BellSouth Alert Manager
U	BelNotify	rundll32.exe [path] NPBelv32.dll, RunDll32_BelNotify	"BelTech from Belarc enables licensees to offer automated, Web-based problem resolution to their end-users. BelTech allows the end-user to simply go to a web page and automatically resolve their problem or point them to the right solution. BelTech Manager allows non-programmers to rapidly and easily deploy and maintain this service"
?	BELORVBI	BELORVBI.exe	??
?	Belsta.exe	Belsta.exe	Configuration tool for Belkin wireless network cards. Required to change the card's configuration. Is it required for correct operation once the confuiguration is changed?
X	Belt	Belt.exe	VX2.Transponder parasite updater/installer related
X	Benadril Alert Tool	benadrilalert.exe	Plug-in for WeatherBug advising when pollen count in your area is high - prompting you to buy Benadril
U	BestCrypt Auto Open	BestCrypt.exe	BestCrypt from Jetico, Inc. "Keeps your confidential data in a strongly encrypted form on your disk and provides you with transparent access"
X	BestPopUpKiller	BestPopupKiller.exe	Popup killer by Swanksoft - not recommended, see here
X	BeSys	[path to file]	BeSys adware
X	beta	svchost.exe	Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	BF4P	bf4p.exe	Added by the IRCBOT.GEN WORM!
Y	bg	bullguard.exe	Bullguard antivirus and firewall. The P2P version is free with KaZaA Media Desktop and Grokster
U	BGInfo	Bginfo.exe	BGinfo automatically displays relevant information about a Windows computer on the desktop's background, such as the computer name, IP address, service pack version, and more
U	BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}	NMBgMonitor.exe	Associated with Nero Scout, added by version 7 of the Nero digital media suite (CD & DVD burning, authoring, etc). Thanks to Help2Go.com, if you feel this is draining more resources that necessary you can disable it by clicking here
Y	BGNewsAgent	bgnewsag.exe	BullGuard antivirus updater
N	bgsmsnd	bgsmsnd.exe	Printer driver to generate PDF files from any program
X	Bharatayuda	GNB.exe	Added by the BHARAT.A WORM!
N	BHOCop	BHOCop.exe	PC Magazine's BHO Cop that lets you see what browser helper objects are installed. Useful for detecting spyware
U	BHODemon 2.0	BHODemon.exe	BHODemon "protects you from unknown Browser Helper Objects (BHOs), by letting you enable/disable them individually. When running, it also monitors your Registry and alerts you when a BHO is installed. Best of all, BHODemon knows about the most common BHOs - the good ones, and the not-so-good ones!". If you prefer forgoing resident protection, the application can also be run on demand
U	BHR	BHR.exe	Browser Hijack Retaliator - recovers your browser after it has been hijacked by spyware, adware, etc
U	BI1HelperStartUp	BI1HEL~1.EXE	ScreenScenes "Beach Islands" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	BIE	Rundll32.exe [path] BDSrHook.dll, Rundll32	BDplugin parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	BIG	biggy.exe	Added by the DELBOT-AG WORM!
U	BigDog303	VM303_STI.EXE	Related to VIMICRO USB for PC Camera
N	BigDog305	VM305_STI.EXE	Vmicro webcam USB utility - allows the webcam to initiate data transfer to a program. Create a shortcut and start it manually when needed
?	BigDogPath	VM_STI.EXE	Bundled with some software for digital cameras that use a USB connection - what does it do and is it required?
N	bigfix	BIGFIX.EXE	BigFix can automatically download and read technical support information provided by computer and software manufacturers and other technical support experts (published in the form of Fixlet? Messages) and can automatically check your computer for bugs, configuration conflicts, and security holes. Should only be started manually as it's a resource hog
X	bigoris	bigoris.exe	Added by the DORF-AZ TROJAN!
U	BigPond Toolbar	bpumTray.exe	Telstra BigPond Toolbar - "Introducing the free and easy to use BigPond Toolbar that is designed to make your internet experience and managing your Telstra internet account a whole lot easier"
N	BigPondCable	bpcable.exe	Telstra Bigpond Cable login software - can be started manually
Y	BigPondWirelessBroadbandCM	BigPond_CM.exe	Related to BigPond_Wireless_Broadband Service by Telstra
X	bikini	bikini.exe	Added by the LOWZONE-CX TROJAN!
X	BillGatesLoh.exe	BillGatesLoh.exe	Added by the AGENT-FZO TROJAN!
N	Billminder	Billmind.exe	Can be setup in Quicken to remind user of due payments. Available via Start -> Programs
X	bin32hpu	ppstub.exe	PrecisionPop adware
X	bingdian	Bingdian.vbs	Added by the BINGD WORM!
?	Bingo Charm	charms.exe	Some kind of screen icon kind of like desk flag, but it gives you a choice of icons?
U	Biomenu	menusw.exe	Related to Sony VAIO - passwords, encryption, and a biometric fingerprint sensor
X	Bios	Bios32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	bios	bios.exe	Added by the BANCBAN-PW TROJAN!
X	BIOS XP Loader	[random filename]	Added by the RBOT-IC WORM!
X	BIOS1	BIOS1.EXE	Added by the OPASERV.T WORM!
?	BIOVCIP	BIOVCIP.exe	??
N	BitComet	BitComet.exe	BitComet P2P client - can be launched from Start -> Programs
Y	BitDefender Antiphishing Helper	IEShow.exe	Antiphishing component of BitDefender 2008 products
X	BitDefender Antivirus	BITDEFENDERX.EXE	Added by a variant of the SPYBOT WORM!
Y	BitDefender Communicator	xcommsvr.exe	BitDefender antivirus
U	BitDefender for MSN Messenger	msnmon.exe	Bitdefender anti-virus for MSN Messenger - no longer supported at the BitDefender website
U	BitDefender for Yahoo! Messenger	yahmon.exe	Bitdefender anti-virus for Yahoo! Messenger - no longer supported at the BitDefender website
Y	BitDefender Live! Init	bdinit.exe	BitDefender antivirus
Y	BitDefender Scan Server	bdss.exe	BitDefender antivirus
Y	BitDefender Virus Shield	vsserv.exe	BitDefender antivirus
Y	bitdefenderlive	avxlive.exe	Main program of BitDefender virus scanner/firewall
U	BitDefender_P2P_Startup	BitDefender_P2P_Startup.exe	Bitdefender anti-virus for P2P clients - no longer supported at the BitDefender website
U	BitTorrent DNA	btdna.exe	"BitTorrent DNA is a content delivery service that uses a secure, private, managed peer network to power faster, more reliable, more efficient delivery of richer content"
N	BitWare Print Monitor	bwprnmon.exe	FaxServe network fax software
N	BJ Printer Status Monitor	Cjstsr.exe	Canon BJ printer status monitor
N	BJ Status Monitor 5xx	CJSTRxx.EXE	Canon printer status monitor - where "xx" is different depending upon the version. Not required as you can check the printer status via My Computer -> Printers
N	bjcfd	cdf.exe	BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
U	BJPD HID Control	TVMon.exe	Related to Canon Photo viewer
N	BlackICE PC Protection	blackice.exe	Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
N	BlackIce Utility	blackice.exe	Loads the user interface for the BlackICE PC Protection (was Defender) firewall program. From the parent site - '(the user interface) starts in the "Startup" menu and adds itself to the taskbar. The user interface is independent from the rest of the system and only displays the output or reconfigures the system. It does not need to be running for the rest of the system to run.' See also LoadBlackD
U	blads	blads.exe	A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
X	blah service	winupdate.exe	Added by the GAOBOT.BIA WORM!
X	blah service	winsysengine.exe	Added by the RBOT-KI WORM!
X	blah service	internet.exe	Added by a variant of the RBOT WORM!
X	blah service	smnp.exe	Added by the RBOT.IZ WORM!
X	blah service	msnmsgrr.exe	Added by the RBOT.PZ WORM!
X	blah service	tazkmgr.exe	Added by the RBOT.UA WORM!
X	blah service	FaLeH.exe	Added by the RBOT-AES WORM!
X	blah service	microsoft.exe	Added by a variant of the RBOT WORM!
X	blah service	evosys.exe	Added by a variant of the RBOT WORM!
X	blah service	win32.exe	Added by the RBOT-AXO WORM!
X	Blah service	CCAPPS32.EXE	Added by the RBOT.TV WORM!
X	blah services	iczw.exe	Added by the RBOT-GMP WORM!
X	blahh service	msengine.exe	Added by a variant of the RBOT WORM!
X	blahx service	msnjompa.exe	Added by the SDBOT.AML WORM!
X	Blank AntiViri	AUT0EXEC.BAT	Detected by Symantec as the SILLYFDC WORM! See here
N	BlazeChanger	FBZPaper.exe	Ember graphic file viewer, manager, and touch-up system
N	bldbubg	bldbubg.exe	Part of Dell Alerts which provides customers with an update on latest updates for his/her system
X	BLF	blf.exe	Added by the DELBOT-M WORM!
U	blinkx	blinkx.exe	Blinkx Desktop "Smart Folders" software
N	Blitzz BWI715	WLANmon.exe	Blitzz Technology BWI715 Wireless PC modem connection monitor
X	BLMessagingIntegration	blengine.exe	BuddyLinks adware
U	BlockAds	blads.exe	A Tweak-XP component, blocks advertisement banners in Internet Explorer. Can be enabled/disabled via Tweak-XP / Internet Tweaks
X	BlockChecker	Block-checker.exe	BlockChecker adware
X	Blocker System611 Monitoring	PopUpBlocker611.exe	Added by the RBOT.BLJ WORM!
N	BlockTracker	BlockTracker.exe	If present on a HP machine it tracks all the processes and logs them to a blocklog.txt file
U	BLOG	rundll32.exe [path] BatLogEx.DLL, StartBattLog	IBM Thinkpad battery management utility that logs changes in battery conditions such as charging, discharging, etc
U	blsloader	blsloader.exe	BellSouth ISP Internet Tools
X	blss	blss.exe	Added by the BLARUL TROJAN!
N	BLSTAPP	blstapp.exe	Puts access to Creative's BlasterControl in the System Tray
N	Blubster	Blubster.exe	Related to Blubster Music sharing service
U	Blue Frog	bluefrog.exe	Blue Frog by Blue Security Inc. - actively fights spam by posting complaints on the sites advertised by the spam you receive
X	Blue Service	[path to trojan]	Added by the BANCOS-BCW TROJAN!
?	BlueLight_uoltray	exec.exe	Related to BlueLight Internet. What does it do and is it required?
U	BlueSoleil	BLUESO~1.EXE	BlueSoleil Bluetooth wireless manager from IVT Corporation
U	BlueSpace NE	BlueSpaceNE.exe	"BlueSpace NE is a utility program used to run the Bluetooth function on VAIO computers that support the Bluetooth function or on VAIO computers connected to the Bluetooth USB adapter". Shortcut available via Start -> Programs
X	Bluetooth Config	btwindin32.exe	Added by the SDBOT-DFN WORM!
U	BlueToothAuthentication Agent	RunDLL32.exe irprops.cpl, BluetoothAuthenticationAgent	Associated with BlueTooth software, designed to allow bluetooth mobile devices to authenticate to the computer, when connecting a PDA to your computer - necessary for the computer and the PDA to communicate. Should you get the error message, "Rundll irprops.cpl missing entry Bluetooth authentication agent", click here for more information. In case you no longer have BlueTooth support installed, and don't need it, simply uncheck the entry in Msconfig > Startup
U	Blueyonder Instant Support Tool	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". Blueyonder Instant Support is required to run with the Help and Support program. If you uncheck it and and then run Help and Support it will add another Blueyonder Instant Support in the startup menu. If you remove Blueyonder Instant Support in add/remove programs some help menus in help and support will not be available. You decide
N	BMail Installation	FTP_back.exe	Part of iMesh - a file sharing system. Reported by Norton AntiVirus as a trojan. Once deleted does not prevent file sharing working. Older versions of iMesh re-instate this but the newer versions do not
X	Bman	BMan1.exe	Abcsearch.com/DealHelper adware variant
U	BMMGAG	Rundll32 PWRMONIT.DLL, StartPwrMonitor	Displays a battery gauge icon in the Taskbar (not the System Tray). Provides shortcuts to IBM's proprietary power saving settings and to a battery information window
U	BMMLREF	BMMLREF.EXE	Battery Manager for IBM ThinkPad laptops
U	BMMMONWND	rundll32.exe [path] BatInfEx.dll, BMMAutonomicMonitor	Battery power management utility for Lenovo (IBM) ThinkPad laptops
U	BMO MasterCard Wallet	EWALLET.EXE	The wallet conveniently stores billing, shipping and payment information on your PC
N	BMupdate	BMupdate.exe	Related to the BookmarkCentral entry. Typically added after downloading drivers for Visioneer scanners for example, and you install the driver self-install
X	BMZ	bmz.exe	NCase adware
X	Bndt32	Bndt32.exe	Added by the LACON WORM!
X	Bnexe	[random filename]	Added by the KITRO.D (or ARGEN.A) WORM!
U	BO1HelperStartUp	BO1HEL~1.EXE	ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
U	BO1HelperStartUp	Bo1helper.exe	ScreenScenes "Butterfly Oasis" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	Boarddata	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
X	boat32	boat32.exe	Added by a variant of the RBOT WORM!
X	boby	csrs.scr	Added by the BANCBAN-PC TROJAN!
Y	BOC-423	BOC423.exe	NSClean BOClean (now Comodo) anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.23
Y	BOC-424	BOC424.exe	NSClean BOClean (now Comodo) anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.24
Y	BOC-425	BOC425.exe	Comodo BOClean anti-malware software - "Protect yourself from online identity theft. The greatest threat on the Internet today is having your personal information hijacked remotely". Version 4.25
Y	BOC412	BOC412.exe	Version 4.12 of NSClean's BOClean anti-trojan software
Y	BOCleanautostart	Boclean.exe	NSClean's BOClean anti-trojan software
U	BOINC Manager	boincmgr.exe	BOINC manager - "controls the use of your computer's disk, network, and processor resources"
U	Boingo Wireless Utility	Icon###XXX#X#.exe	Starts the Boingo Wireless utility, used to detect and login into Boingo wireless hotspots. The filename may be autogenerated when installing, two different variations along the lines listed here, where # is a number and X is a letter. Shortcut available via Start -> Programs
X	bolenja	bolenja.exe	Added by the WANTVI.BF TROJAN!
X	bolenjx	bolenjx.exe	Added by the ELDYCOW.O TROJAN!
X	boler.exe	syser.exe	Added by the RBOT-AYS WORM!
U	bombshel	BOMB32.EXE	Part of McAfee Nuts & Bolts. Protects your Windows system from application failure and crashes - similar to Norton Crashguard. Your choice - may cause problems
X	Bonzi Buddy	??	Bonzi Buddy adware - see here for removal instructions
X	boo	boo.exe	Adware downloader - detected by Kaspersky as the FAVADD.O TROJAN!
X	BookedSpace	RunDLL32.EXE bs2.dll, DllRun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs2.dll" file is located in the Winnt or Windows folder
N	BookmarkCentral	BMLauncher.exe	Bookmark Express - "offers a more flexible way to manage Web site bookmarks, regardless of which browser you use"
N	BookMarkSink	syncit.exe	Bookmark synchronization utility
N	BookMarkSync	syncit.exe	Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
N	BookMarkSync2It	sync2it.exe	Sync2IT BookMarkSync - "real-time automatic synchronization service that allows you to access your bookmarks, favorites and favorite files from any computer or any browser". Only installed with the users explicit permission and generally only remains running if the user decides to subscribe to the service. If it is no longer required it should be uninstalled to prevent a large number of clients 'checking in' to the server that have no chance of synchronizing
U	Boost XP Service	bxservice.exe	Boost XP from Systweak - WinXP tweaking utility
X	boot	boot.exe	Added by the PUPPET-A TROJAN! Located in the System (9x/Me) or System32 (NT/2K/XP) folder
U	Boot	Boot.exe	Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles". Located in the "AcerEmpowering TechnologyePower" directory
X	Boot Check	bootchk.exe	Added by the DELBOT-AB WORM!
X	Boot Config	bootconfig.exe	Added by the FLOOD-EV TROJAN!
X	Boot Manager	Njgal.exe	Added by the KILO TROJAN!
X	Boot Manager	bootmng.exe	Added by a variant of the SPYBOT WORM!
X	BootCfg	Install.log.vbs	Added by the YPSAN.D WORM!
X	BootCTRL	bootctrl.exe	Added by an unidentified WORM or TROJAN!
X	BootLoader	BootLoader.exe.vbs	Added by the WATERWORKS WORM!
X	bootpd.exe	bootpd.exe	Added by the AGENT-DT TROJAN!
X	BootsCfg	wscript.exe [path] Date.POP.vbs	Added by the KUULLIO WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
X	BootsCfg	wscript.exe [path] All Users.vbs	Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
X	BootsCfg	wscript.exe [path] All Users.vbe	Added by the SPILTRON WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
X	BootsCfg	wscript.exe Install.log.vbs	Added by the YPSAN.E WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "Install.log.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
U	BootStatus	BOOTST~1.EXE	Visual Basic program that pops up a small window on startup telling you how many times the machine has been booted that day. Once you exit it, it has no more effect on resources
U	BootWarn	BootWarn.exe	From here: "Norton AntiVirus Boot Warning. This program is installed as a startup item when you install Norton AntiVirus, and also sometimes when you do a LiveUpdate which updates Norton AntiVirus significantly enough that a reboot is needed to complete the installation. We believe its purpose to be to warn the end-user that he must reboot his PC before using Norton AntiVirus in those cases when a reboot did not happen with the result that Norton AntiVirus did not fully complete its installation or software updating. Recommendation : Start Norton AntiVirus from "Start Programs Norton AntiVirus". If Norton AntiVirus comes up without problems, then fix this entry from the Msconfig Startup tab - it was left behind by mistake and is no longer needed now that Norton AntiVirus is fully installed and opens without error messages"
X	boot_reg	[path to file]	Added by the BANCBAN-CA TROJAN!
N	Bose Wave/PC Monitor	wavepcmonitor.exe	System Tray access for this system (more info on the system here). Available via Start -> Programs
X	BossIdea	winlogin.exe	Added by the LINEAGE-I TROJAN!
?	Boston	Boston.exe	Part of the Boston Acoustics USB speaker systems. What does it do and is it required?
X	Bot Loader	svchostt.exe	Added by the GAOBOT.ALV WORM!
X	Bouncer RunStartup	bouncer.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
X	Bouncer RunStartup	LiveUpdate.exe	Virtual Bouncer - malware from Spyware Labs. It is distributed by the same bundling and drive-by download techniques as the parasites it claims to remove, so definitely qualifies as unsolicited commercial software in itself. It also has an update feature that can download and execute arbitrary code. Warning - choose "custom" uninstall as "automatic" may remove other programs - see here
X	boy lovers of bsd	ilikeboys.exe	Added by the MYTOB.LY WORM!
U	bpcpost.exe	bpcpost.exe	MS TV Viewer Post Setup Program. Part of MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
X	BPCv2 re	bpc2 re inst.exe	BroadcastPC adware variant
U	BPK	bpk.exe	Blazing Tools Perfect Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!
N	BPServer	G6FTPSrv.exe	BulletProof FTP Server
U	BQTray.exe	BQTray.exe	System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
X	Brasil	Brasil.exe	Added by the OPASERV.E WORM!
X	Brasil	BRASIL.PIF	Added by the OPASERV.E WORM!
X	BrasilOld	[worm filename]	Added by the OPASERV.P WORM!
X	BraveSentry	BraveSentry.exe	BraveSentry spyware remover - not recommended, see here
X	braviax	braviax.exe	Added by an unidentified malware
X	Brct	trdb.exe	Detected by Kaspersky as the PURITYSCAN.Y TROJAN!
U	Break_Reminder	BREAK REMINDER.exe	Break Reminder - Remind yourself to take breaks to prevent computer related injuries. See here
Y	Bredbandsbolaget	servicecenter.exe	Related to the Brebband Swedish Broadband provider
X	Breg	bcre.exe	BroadcastPC adware variant
X	Breg	bptre.exe	BroadcastPC adware variant
X	Breg	breg.exe	BroadcastPC adware variant
X	Bridge	rundll32.exe ...Bridge.dll	Flingstone.com browser hijacker
Y	Brindys BriTray	BRITRAY.EXE	Main process for the following applications: GEDEX, SICARIO, BRINOTES, BRIRESPA, SICURE, TRASGO, UNDOCS, FRESH & BRIFAME (all of them from Brindys Software). Performs the following tasks [un]installation, web software autoupdate, notification windows, interprocess communication, tray bar icons & menus, alarms (brinotes), and common web launching from the mentioned applications. Can be stopped safely once run if so desired
U	BrmfRmPA	BrmfRmPA.exe	Brother resource manager - needed for a Brother MFC printer/copiert/scanner and PC to properly communicate
U	broadband medic	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". ntlbroadband Help is required to run with the Help and Support program. If you uncheck ntlbroadband Help and and then run Help and Support it will add another ntlbroadband Help in the startup menu. If you remove the ntlbroadband Help in the add/remove program some help menus in help and support will not be available. You decide
N	Broadband Wizard	bbwiz.exe	Starts Broadband Wizard so it runs in the System Tray. This application tests and optimizes your Cable or DSL connection. Available via Start -> Programs
N	BroadCamRun	broadCam.exe	BroadCam is an easy to use video streamer designed to broadcast live video using a webcam (or other camera) and microphone
U	Broadcom Wireless Manager UI	bcmntray.exe	Related to Broadcom Network Adapters for additional configuration options for these devices. Should not be terminated unless suspected to be causing problems
N	Broadcom Wireless Manager UI	wltray.exe	System tray access to wireless LAN card configuration options
X	Bron-Spizaetus	CVT.exe	Added by the RONTOKBRO WORM!
X	Bron-Spizaetus	norBtok.exe	Added by the RONTOKBRO.B WORM!
X	Bron-Spizaetus	[path to file]	Added by the BRONTOK-F WORM!
X	Bron-Spizaetus	bronstab.exe	Added by the RONTOKBRO.C WORM!
X	Bron-Spizaetus	eksplorasi.exe	Added by the RONTOKBRO.J WORM!
X	Bron-Spizaetus	ElnorB.exe	Added by the RONTOKBRO.D WORM!
X	Bron-Spizaetus	sempalong.exe	Added by the BRONTOK-E WORM!
X	Bron-Spizaetus	RakyatKelaparan.exe	Added by the BRONTOK-J or BRONTOK-L WORMS!
X	Bron-Spizaetus-5118REPM	komodo-6321422.exe	Added by the BRONTOK-R WORM!
X	Bron-Spizaetus-cfgmktoq	bbm-qotkmgfc.exe	Added by the BRONTOK-M WORM!
X	Bron-Spizaetus-cfgmmnru	bbm-urnmmgfc.exe	Added by the BRONTOK-N WORM!
X	BrowseProxy	FindService.exe	Actual Names (AdvSearch) Internet Keywords parasite
X	browser	msgaol.exe	Added by the TACTSLAY.C TROJAN!
X	browser	s_menu.exe	Added by the TACTSLAY.C TROJAN!
X	browser	browse.exe	Added by the TACTSLAY.C TROJAN!
X	browser	deamon.exe	Added by the TACTSLAY.C TROJAN!
X	browser	msgaol.exe	Added by the TACTSLAY.C TROJAN!
X	browser aid	browseraid.exe	BrowserAid/BrowserPal foistware
X	Browser Help Svc	BHSV.EXE	Added by the RBOT-AVQ WORM!
Y	Browser Hijack Blaster	bhblaster.exe	Browser Hijack Blaster - protects your system from browser hijackers and spyware that alters your IE settings. Now replaced by SpywareGuard
U	Browser Launcher	Commandr.exe	Logitech internet keyboard "Commander" software - loads the software for the shortcut keys on the keyboard. Not required unless you want to use the short cut keys
X	Browser Pal	adblck.exe	BrowserAid/BrowserPal foistware
U	Browser Sentinel	BrowserSentinel.exe	Browser Sentinel - notifies you if a program wants to penetrate into Internet explorer, add itself to the Windows auto-run list or change your home page
X	BrowserUpdateSched	[random filename]	ZenoSearch adware
N	BrowserWebCheck	loadwc.exe	Checks to make sure that IE is still your default browser
X	BrO_AcT	BrO-AcT.exe	Added by the SILLYFDC-D WORM!
X	brwdiag	[path to worm]	Added by the STRATIO-BN WORM!
N	BS Player	bsplayer.exe	BSplayer - A video player used to play avi, mpg, wmv and other multimedia files
N	BsCLiP	BSCLIP.exe	CD recording utility that comes with a lot of CDR/CDRW drives and isn't required
X	Bsoft lppt01	Bsoft.exe	RapidBlaster variant (in a "BelmontSoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
N	bsplayer	bsplayer.exe	BSplayer - a video player used to play avi, mpg, wmv and other multimedia files
X	BSserver	FileKan.exe	Added by the VB.CBW WORM!
X	BSVCHOST	SVCH0ST.EXE	Added by the VOXOM TROJAN!
X	Bsx3	RunDLL32.EXE bs3.dll, DllRun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bs3.dll" file is located in the Winnt or Windows folder
X	BT	[path to trojan]	Added by the LITEBOT-B TROJAN!
U	BT Broadband Desktop Help	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
U	BT Broadband Help	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". BT Broadband Help is required to run with the Help and Support program. If you uncheck BT Broadband Help and and then run Help and Support it will add another BT Broadband Help in the startup menu. If you remove the BT Broadband Help in the add/remove program some help menus in help and support will not be available. You decide
X	BT00003*	abcdefg23.exe	Added by the VB-VT TROJAN where * = 5,6 or 7!
X	BT00003*	hiklmnop27.exe	Added by the VB-VT TROJAN where * = 2,3 or 4!
U	btbb_wcm_McciTrayApp	McciTrayApp.exe	System tray access to Motive's Broadband 2.0 configuration and repair utility
?	btinst	btinst.exe	Associated with an Anycom bluetooth wireless card. What does it do and is it required?
U	BTModemProtection	BTModemProtection.exe	BT Privacy Online modem protection software, see here
U	BTopenworld	DialBTYahoo.exe	BT Yahoo! internet connection manager
?	BTSETBOOTKEY	BTSetBootKey.exe	Related to a USB Bluetooth adaptor. What does it do and is it required?
U	BtStart	btstart.exe	Broadcom (formerly WIDCOMM) Bluetooth Connectivity Software
U	bttray	bttray.exe	System tray icon which shows the status of a BlueTooth wireless module. Most systems with such a module installed can enable/disable the module. The system tray icon changes from blue/white to blue/red when the module is turned off. Allows access to explore bluetooth places, setup wizard, advanced configuration, quick connect and shutdown device
Y	BTUSRBDG	BtUsrBdg.exe	Used with a Mitsumi USB Bluetooth adaptor (and maybe others)
Y	BTUSRBDGF	BtUsrBdg.exe	Used with a Mitsumi USB Bluetooth adaptor (and maybe others)
X	BTV	btv.exe	BroadcastPC adware variant
Y	Bubble	Bubble.exe	Added by Windows SteadyState which "helps make it easy for you to keep your computers running the way you want them to, no matter who uses them." Bubble allows notification messages to appear on a computer managed by Windows SteadyState
N	Buddyizer	Buddyizer.exe	Part of the AIMster Peer to Peer (P2P) file sharing application that runs over the AOL Instant Messenger network
U	BUFFALO Power Save Utility for HD	HDManage.exe	Power Save utility for Buffalo backup hard discs
N	Bug Eliminator	Bug_Elim.exe	Bug Eliminator - "performs a complete health check on your computer safely, securely, and silently!"
U	bugwatcher service	bugwatcher.exe	Bugtoaster is a service that sends reports on system/program crashes (certain types) back to Bugtoaster. They relay information to program authors and provide, if available, any known solutions to the crashes. It doesn't take up any room in memory, just activates in the event of certain program failures
N	BuildBU	bldbubg.exe	Part of Dell Alerts which provides customers with an update on latest updates for his/her system
X	BuildLab	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	BuildLab	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	BuildLabs	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	BuildLabs	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
U	Bulldog Service	upsd.exe	Belkin's Bulldog Plus control software which runs under Windows 95 or later and monitors the UPS (Uninterrupted Power Supply) via a serial or USB link
N	BulletProof FTP Server	bpftpserver.exe	BulletProof FTP Server
Y	BullGuard	mgui.exe	Part of Bullguard antivirus
Y	BullGuard	BullGuard.exe	Part of BullGuard antivirus
U	BullGuard Update	avxlive.exe	Part of Bullguard antivirus. Leave enabled unless you manually update virus definitions
Y	BullGuard XComm	XCOMMSVR.EXE	Part of Bullguard antivirus
Y	BullGuardInit	AVXINIT.EXE	Part of Bullguard antivirus
Y	BullguardoptIn	bulldownload.exe	Part of Bullguard antivirus
X	BullsEye	bargains.exe	BargainBuddy adware
X	BullsEye Network	bargains.exe	BargainBuddy adware
?	BullsEye Tracker	BeTrack.exe	Bullseye - intelligent research assistant
X	Bunx	beagle.exe	Added by the LEBREAT-E WORM!
N	BurnQuick Queue	BQTray.exe	System Tray access to BurnQuick CD burning software. Only required if you use the queueing facility, hence the U recommendation. Create your own desktop shortcut to start manually
U	Button Server	bttnserv.exe	Found on a Compaq PC, for the extra buttons on the keyboard for the speaker volume, media player, sleep and internet buttons. If the buttons aren't used on the keyboard or your's doesn't have them, then it isn't required
N	ButtonKey	ButtonKey.exe	CyberView TWAIN driver for the Pacific Image range of 35mm film scanners. Enables the one touch scanning button and places an icon an the System Tray. Use your scanners software or run it manually by creating a shortcut
N	Buzme	Bmui.exe	Buzme by RingCentral, Inc - internet call waiting. Intercepts telephone calls like an answering machine and plays the voice message on your PC. Only required when you're on-line and via dial-up modem
U	BuzMe	RCUI.exe	Display Client for the BuzMe Internet Call Waiting Service
U	Buzof.exe	buzof.exe	Buzof from Basta Computing "enables you to automatically answer, close or minimize virtually any recurring window including messages, prompts, and dialog boxes"
N	bwprnmon.exe	bwprnmon.exe	FaxServe network fax software
X	bxproxy	bxproxy.exe	Added by the BXPROXY TROJAN!
X	bxproxy	[random].dll	Spyware Soft Stop misleading security software - not recommended, see here and here
X	bxsx5	RunDLL32.EXE bsx5.dll, DllRun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bsx5.dll" file is located in the Winnt or Windows folder
X	bxxs5	RunDLL32.EXE bxxs5.dll, dllrun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "bxxs5.dll" file is located in the Winnt or Windows folder
X	Bymer.Scanner	Wininit.exe	Added by the BYMER WORM!
X	Bymer.Scanner	Msinit.exe	Added by the BYMER WORM!
U	BySoft FreeRAM	FreeRAM.exe	"Bysoft FreeRAM is a program that frees up ram manually or automatically. It shows current memory status , memory load and CPU usage graphically". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
X	c	c:archiv~1win.com	Added by the CUYDOC TROJAN!
U	C-Media Echo Control	EchoCtrl.exe	C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. You may need it if you use the echo control feature of C-Media Mixer
N	C-Media Mixer	Mixer.exe	C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
U	C2K	CYB2K.EXE	CYBERsitter 2000 or 2001 - anti-adult content filter primarily. Required if you want the sites you visit filtered without having to load the software every time you launch your browser
U	c32cs2	c32cs2.exe	Cyber Sentinel - internet filtering software
X	C7	[path to worm]	Added by the MEDIAKILL.A WORM!
U	C:\Program Files\NetMeter\NetMeter.exe	NetMeter.exe	"Net Meter is a small, customizable network bandwidth monitoring program for Win9x/Me/NT4/2K/XP. NetMeter is and will always stay freeware. The program has been tested extensively on Win2K/XP, but it should work just as well on all other Win32 operating systems"
X	C:\WINDOWS\IEXPLOR.EXE	IEXPLOR.EXE	"Pop Marketing" adware
X	C:\WINDOWS\system32\SetupCmd.exe	SetupCmd.exe	Detected by Kaspersky as the AGENT.AAW TROJAN!
X	C:\WINDOWS\WinTask.exe	WinTask.exe	"Pop Marketing" adware
U	CA-AMAgent	amagent.exe	Unicenter Asset Management is a solution for proactively managing IT assets in a business environment. It provides full-featured asset tracking capabilities through automated discovery, hardware inventory, network inventory, software inventory, configuration management, software usage monitoring, license management and extensive cross-platform reporting
Y	CaAvTray	CAVTray.exe	eTrust? EZ Antivirus system tray application from Computer Associates
X	Cabchk	Cabchk.exe	Added by the GEMA TROJAN!
X	Cabchk32	Cabchk32.exe	Added by the GEMA TROJAN!
X	CABCInstall	CABCInstall.exe	Ignite Technologies (was CABC) content delivery software
X	Cable Modem Adapter	WindowsSec.exe	Added by the WOOTBOT.A WORM!
U	CacheBoost	trayicon.exe	CacheBoost "optimizes the System Cache-Management of Windows XP/2000/NT and Windows .Net Servers, resulting in a performance boost"
X	CacheLoader	[path to trojan]	Added by the DLOADER-NZ TROJAN!
N	Cacheman	Cacheman.exe	Freeware disk cache tweaker from Outer Technologies. Should only be run once and not loaded at start-up
Y	CacheMgr	CacheMgr.exe	Sophos Antivirus Remote Update
U	CacheSentry Pro	CacheSentry Pro.exe	"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
U	CacheSentry Pro	CacheSentry Pro.exe	"CacheSentry Pro is a program that takes over the management of the Internet Explorer (and AOL) web browser cache"
N	CACStarter	cacstart.exe	Cash A Check - check writing software
U	Caddais BackupOnDemand	BODMon.exe	Caddais BackupOnDemand - "runs in the background and monitors your important files for changes. Within seconds of changing, modified files are automatically backed up to an archive location"
U	Cadenza	CdzSvc.exe	Cadenza mNotes for Palm and Pocket PC enables users to access Lotus Notes on their mobile devices
U	CADS	cads.exe	Cyber Sentinel - internet filtering software
U	CafeStation	CafeStation.exe	"CafeSuite is the solution for your internet cafe. Our software provides you with ameans to control the workstations, manage customer database, sell products and generate detailed reports and statistics"
Y	cafwc	cafw.exe	CA Personal Firewall - part of the CA Internet Security Suite
N	CAgent	CAgent.exe	Abbyy Fine Reader OCR (Optical Character Recognition) software for scanning and converting documents
X	cAgOu	[filename].hta	Added by the KAKWORM WORM!
N	CahootWebcard	CahootWebcard.exe	"The Cahoot Webcard is a virtual card that allows you to use your Cahoot credit card online without ever having to expose your real card numbers over the web. It works by generating one-off transaction numbers as a substitute for your real cahoot credit card details". Run manually when needed
X	caidiysetup	diynetsetupuni.exe	DIYNet adware
Y	CAISafe	isafe.exe	Part of Computer Associates eTrust EZ Antivirus
U	CaISSDT	caissdt.exe	Computer Associates Dashboard Tray applet
N	Cal Reminder Shortcut	calrem.exe	Produces a pop-up reminder of events scheduled using the MS Office Calendar
X	Calc Microsoft Windows	wincalc.exe	Added by an unidentied WORM or TROJAN!
X	CALC32	CALC32.EXE	Added by the SPYBOT-EC WORM!
N	Calendar 200X Reminder	calendar.exe	Calendar 200X - shows holidays, reminders of various anniversaries,tasks etc
U	Calendarscope	cs.exe	Calendarscope calendar software
X	calk	calk.exe	Added by the STARTPA-FH TROJAN!
X	Call Function System32	sddriver.exe	Added by a variant of the SDBOT TROJAN!
X	Call32	Call32.exe	Added by the SPAMMIT-H TROJAN!
Y	CallBumping	cbpopw.exe	Related to the Gazel 128 PCI ISDN adapter. Required if you use it
U	CallCenter Main Application	V3calmcp.exe	"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Main application
U	CallCenter Printer Interface	V3faxecp.exe	"V3 Inc. CallCenter is a free 32-bit, integrated fax, voicemail and data communications application with a simple to use interface providing fax send and receive functionality, basic (single mailbox) answering machine capability, and sophistcated data communications." Fax printer
N	CallControl	ftctrl32.exe	FaxTalk Messenger Pro is a Windows TAPI based 32-bit application. When installed, the software automatically loads FaxTalk CallControl when you start Windows. When FaxTalk CallControl is running, any TAPI compliant application can request to use the modem from Windows
N	CamCheck	CamCheck.exe	NuCam camera software related
U	Cameno	Cameno.exe	Cameno is a program which brings tabbed windows to MSN Messenger 6.0 and above
U	Camera Detector	CAMDET~*.EXE	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
U	Camera Detector	Camdetect.exe	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
U	Camera Detector	DEVDET~*.EXE	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
N	Camio Viewer x	IXApplet.exe	Image viewing program that comes with digital cameras. Shows pictures that are in the camera before downloading them. "x" in the name is the version
?	CamMonitor	hpqcmon.exe	From HP and related to digital imaging
N	Canada	Canada.exe	Known to be a dialler - but is it maliscous or clean?
U	Canary	canary-std.exe	Canary keystroke logger/monitoring program - remove unless you installed it yourself!
X	candy	command32.exe	Added by the RBOT-LV WORM!
X	candynet	Taskmsg.exe	Added by the RBOT-NA WORM!
U	Canon MultiPASS Status Monitor	monitr32.exe	Cannon Multi-Pass status monitor - your choice
?	Canon PC1200 iC D600 iR1200G Status Window	CAPM1LAK.EXE	Cannon printer related - is it required in startup?
N	Canon Printer Monitor BJCxxx	Cjstlst.exe	Trayicon for Canon printer. xxx denotes model. Available via Start -> Programs
U	CanonMyPrinter	BJMyPrt.exe	Printer software for Canon Bubblejet printers
U	CanonSolutionMenu	CNSLMAIN.exe	Canon's Solution Menu dialog box leads you quickly toward documentation, utilities, and help files
?	CAP3ON	CAP3ONN.EXE	Canon driver, purpose unknown. Is it required in startup?
Y	capfasem	capfasem.exe	CA Personal Firewall - part of the CA Internet Security Suite
N	Capfax	capfax.exe	PhoneTools fax software
U	capfupgrade	capfupgrade.exe	CA Personal Firewall - part of the CA Internet Security Suite
U	CAPing	CAPing.exe	Citibank Citianywhere software
Y	Capon	Capon.exe	Canon printer driver
Y	Capon	Caponn.exe	Canon printer driver
X	CaptionMgr32	crssr.exe	Added by the ZAR.A WORM!
X	capture	capture.exe	Added by the THEEF-B TROJAN!
N	Capture Express 2000	capexp.exe	Capture Express - screen capture utility
N	Carbonite Backup	CarboniteUI.exe	"Carbonite?s online backup service starts automatically and works quietly and continuously in the background protecting your data"
N	Card Monitor	REGCNT09.exe	For the USB connection on a Panasonic PV-DV701 Digital Camcorder. Available via Start -> Programs
X	Care20	Care20.exe	TopMoxie adware
U	Care2GTU	Care2GTU.exe	Care2 Green Thumbs-Up (from the Care2 site). Every online purchase helps environmental causes; tells you how eco-friendly a company really is, thanks to over 200 company profiles from Coop America. Saves 1 square foot of rainforest every day you use it. If it works and you like it, keep it
U	carpserv	carpserv.exe	Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
X	CARPserver	CARPserver.exe	Added by the BANKER-AN TROJAN!
U	CARPservice	carpserv.exe	Associated with Zoltrix and Conexant modems - enables the internal modem speaker, allowing you to listen to the dial-up sounds for example
X	cartao	[path to file]	Added by the DLOADER-QD TROJAN!
X	cartao	conflicted.exe	Added by the DADOBRA-DV TROJAN!
X	cartao	killing.exe	Added by the DLOADER-QN TROJAN!
X	CAS Client	casclient.exe	CasinoClient adware
X	Cas2Stub	cas2stub.exe	CasinoClient adware
U	CasAgnt	CasAgnt.exe	Program by Extended Systems which allows you to sync your Casio PDA with your PC
X	Casdvqwa	bmqnzkg.exe	Added by the RANDEX.BE WORM!
X	caseyvideo	CaseyVideo.exe	Malware causing p0rn popups
X	caseyvideo	caseyvideo[].exe [ = digit]	Malware causing p0rn popups
X	CashBack	cashback.exe	Part of eXact Advertising Software, consisting of "CashBack by BargainBuddy", BullsEye Network and NaviSearch
X	CashFiesta	Cashfiesta.exe	CASHFIESTA.A pay-per-surf adware
N	Cashsurfers Cashbar Navigator	Cashbar.Exe	Cashsurfers CashBar Navigator - "The CashBar rotates banner advertisements once per minute and provides you with access to up to date special offers and deals"
X	CashToolbar	CD_Load.exe	CashToolbar Downloader-MY adware
X	CashToolbar	svchost.exe	CashToolbar Downloader-MY adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X	Casino Royale	jamesbond.exe	Added by the RBOT-FZO WORM!
X	Cassandra	[10 to 14 random char]THD.EXE	Added by the KREPPER-AI TROJAN!
X	Cassandra	cassandra.exe	SuperSpider hijacker - a CoolWebSearch parasite variant. Also detected as a variant of the KREPPER TROJAN!
X	CasStub	casstub.exe	Added by the CASS-A TROJAN!
X	Catalyst Control Centre	atixvdm.exe	Added by the RBOT.DMW TROJAN!
X	catsrv	catsrv.exe	Added by the PAPLOK TROJAN!
Y	CAVRID	CAVRID.exe	eTrust? EZ Antivirus Real Time Infection Report from Computer Associates
Y	CAVS	CAVS.exe	Cheyenne (now eTrust) antivirus
X	CAZNOVAS	CAZNOVAS.exe	Added by the CAZNO TROJAN!
X	CBACK.EXE	CBACK.EXE	Added by the PENTA-A TROJAN!
U	CBWAttn	CBWAttn.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems
U	CBWHost	CBWHost.exe	Required for Bitware to answer incoming faxes, can cause sleep mode problems
?	CBWUser	CBWDial.exe	Associated with Bitware that integrates fax, voice, pager, and data communications on your desktop
X	CC2KUI	comet.exe	Comet Cursor adware
X	Ccao	regedit.exe	Probably a variant of MediaTickets adware. Note - this is not the valid Windows registry editor which resides in Windows or Winnt and will not figure in Msconfig/Startup! This version resides in a "mduu" subfolder, which may change
Y	ccApp	ccApp.exe	Part of Norton AntiVirus. Auto-protect and E-mail check will not function without this
X	ccApp	[random filename]	Added by the OBSORB TROJAN! Note the random filename compared to the valid Norton AntiVirus
X	ccApp	WMADZ.EXE	Added by the RBOT-LJ WORM!
X	ccApp	.EXE	Added by the RBOT-LJ WORM!
X	ccApp	gcasServ.exe	Added by a variant of the RBOT WORM! Do not confuse with the Microsoft AntiSpyware executable of the same name
X	ccAppr	svcrhost.exe	Added by the TACTSLAY.A TROJAN!
X	ccAppr	expIorer.exe	Added by the TACTSLAY.A TROJAN!
X	ccAppr	outIook.exe	Added by the TACTSLAY.A TROJAN!
X	ccAppr	svcshost.exe	Added by the TACTSLAY.A TROJAN!
X	ccApps	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	ccApps	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	ccApps	N/A	Added by the KANGAROO-A TROJAN!
X	ccApps	ccApps.exe	Added by the KANGAROO-B WORM!
X	ccctp	HistoryJMTi.exe	Added by the GANBATE.A WORM!
U	CCD Manager	DDS.EXE	Project Labs Century CD manager for their CD/DVD storage device
N	Ccdecode	rundll32.exe streamci, StreamingDeviceSetup	Part of the closed caption decdoder/MS VBI codec. Should only run once
Y	CCDoctorLogonTesting	ccdoctor.exe	Checks your system to make sure it's configured properly for running IBM Rational ClearCase, a source code management tool. ClearCase is fairly sophisticated so there are a lot of system-related things that can cause it grief. If you run ClearCase you should not disable this as it provides a valuable service, but technically it isn't required to use the ClearCase product
Y	ccenter	CCenter.exe	RAV AntiVirus
Y	CcEvtMgr	ccEvtMgr.exe	Part of Norton AntiVirus 2003. Event manager for scheduling weekly scans and or automatic virus updates. Used to start automatically via "ccApp" and was not required as a seperate entry but a recent update changed this
X	ccEvtMrg.exe	ccEvtMrg.exe	Added by the RBOT.GZ WORM!
X	ccExecute	bootcfg1.exe	Added by the NEMSI-B VIRUS!
X	ccHelp	ccHelp.hta	"Searchq" adware
U	ccleaner	ccleaner.exe	CCleaner - removes unused files from your system
X	ccpApps	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	ccpApps	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
U	ccProxy	CCPROXY.EXE	Part of Norton Internet Security, proxy server that is used to support the parental controls. If you turn parental controls off at user level the process is not loaded. Reported to cause excessive CPU usage
X	ccPrxy.exe	ccPrxy.exe	Added by the SHIPUP-H WORM!
Y	CcPxySvc	CCPXYSVC.exe	Part of Norton's AntiVirus 2003, Internet Security and Firewall products. E-mail proxy service - required for E-mail scanning and the firewall
X	ccreg	explorer.exe	Added by the ZCREW TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System subfolder
Y	CcRegVfy	ccRegVfy.exe	Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
X	ccRegVfY	expIorer.exe	Added by the TACTSLAY.A TROJAN!
X	ccRegVfY	svcrhost.exe	Added by the TACTSLAY.A TROJAN!
X	ccRegVfY	svcshost.exe	Added by the TACTSLAY.A TROJAN!
X	ccRegVfY	outIook.exe	Added by the TACTSLAY.A TROJAN!
X	ccrss	msdtc.exe	Added by the STAP-C WORM!
Y	ccSetMgr	ccSetMgr.exe	Part of Norton AntiVirus 2004. What does it do?
X	ccSvcHst.exe	ccSvcHst.exe	Added by the SDBOT-DIW WORM!
X	ccsvit.exe	ccsvit.exe	Added by the STARTPA-HP TROJAN!
U	cctray	cctray.exe	Part of CA Internet Security Suite
X	ccUpdate	ccUpdate.exe	Added by the AGOBOT.YS WORM!
U	ccUpdMgr	ccUpdMgr.exe	In Loco Parentis remote surveillance software. Uninstall this software unless you put it there yourself!
U	CCUTRAYICON	CCU_TrayIcon.exe	Related to Traybar Launcher from Intel Corporation belonging to Intel(R) Viiv?
U	ccWasher	aolwasher.exe	Webroot Cache & Cookie Washer - cleaning browser tracks, including cache, cookies, history, mail trash, drop-down address bar, auto-complete forms and downloaded program files for IE, Netscape and AOL
U	CCWC7a	ac.exe	Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
U	CCWC7I	idxl.exe	Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
U	CCWC7s	stealth.exe	Moleculesoft Cache, Cookie & Windows Cleaner. No longer supported but available for free
Y	CCWinTray	wintmr.exe	System Tray access to Child Control parental control software by Salfield
N	CD Storage Master	cdstorager.exe	CD Storage Master - a program designed to catalog CD information, boasts a number of handy features for organizing your collection
X	cd1	cd1.exe	Premium rate adult content dialler
N	CDANTSRV	CDANTSRV.exe	C-Dilla License Management software. Used for any program that uses C-dilla Protection, example: 3D Studio Max 4.x. It loads as a service automatically but is not needed unless you run said program. Can be started and stopped manually
X	Cdcompat	Cdcompat.exe	Added by the GEMA TROJAN!
X	cddrv32	cddrv32.exe	Added by a variant of the CRYPTER.C TROJAN!
N	CDInterceptor	cdi.exe	CD indexer for measuring the speed of CD players
Y	cdloader	cdloader2.exe	From MagicJack - "A softphone device that allows you to attach an analog phone into the PC so you can have a traditional-style phone system in your house without any monthly charge"
X	CdnCtr	cdnup.exe	CNNIC Update pest
X	CDriver	windrv.exe	Added by the DELF.WG TROJAN!
X	CDriver	svchost.exe	Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	Cdrom Controller	cdromcntrl.exe	Added by the BATTRY-A TROJAN!
X	cds	cds.exe	Added by the SPYMON TROJAN!
X	CDSpeed.exe	CDSpeed.exe	Detected by Kaspersky as the IRCBOT.AEX TROJAN!
N	CDTray	CDTray.exe	On HP PCs, this is the small CD icon next to the time
U	CeEKEY	CeEKey.exe	Hot Key utility included on Toshiba Satellite laptops
U	CeEPOWER	cepmtray.exe	Toshiba's Power Management Utility - allows the user to setup different profiles for both AC power and Battery Power on laptops. Contols CPU speed, Monitor Shut Off, Hard Drive Shut-Off, Monitor Brightness, System Stand-by and System Hibernate times
?	Ceic	Ceic.exe	??
X	Cekirge	[path to worm]	Added by the KERGEZ.A WORM!
X	center	[random name]32.exe	Added by the BOFRA.A WORM!
X	CentralProcessor	taskimgr.exe	Added by the BANCOS.J TROJAN!
?	CEPA	wsot.exe	??
U	CertificateRegistration	SafeSignCertReg.exe	SafeSign Certificate Registration Utility for Microsoft Crypto applications
U	CertReg	certreg.exe	Related to Gemplus Card Reader
Y	CertStoreInit	CertStoreInit	Aladdin eToken authentication and password management
N	CesarFTP FTP Server	server.exe	CesarFTPd - FTP server
X	cesmain.dll	Rundll32.exe [path] cmail.dll, Rundll32	CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	CEventMgr	Cell.exe	Added by the BIFROSE-AK TROJAN!
N	CFD	CFD.exe	BroadJump Client Foundation. Broadband troubleshooting software installed by various companies. Not required and you can remove it via Add/Remove programs
X	CFDStart	WinMuschi.exe	WINMUSCHI dialler
X	cfgboost	cfgboot.exe	Added by an unidentified WORM or TROJAN!
Y	cfgintpr	cfgintpr.exe	Configuration Interpreter - part of Tiny Personal Firewall V4
X	cfgmgr51	RunDLL32.EXE cfgmgr51.dll, DllRun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr51.dll" file is located in the Winnt or Windows folder
X	cfgmgr52	RunDLL32.EXE cfgmgr52.dll, DllRun	BookedSpace parasite. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cfgmgr52.dll" file is located in the Winnt or Windows folder
N	cfgwiz	cfgwiz.exe	Introduced with Norton Anti-Virus 2002, this is a real resource hog. Many NAV users will find they can live without loading it
?	cFosDNT	cFosDNT.exe	cFos DSL Modem driver related. What does it do and is it required?
?	cFosInst_Check	cfosinst.exe	cFos DSL Modem driver related. What does it do and is it required?
U	cFosSpeed	cFosSpeed.exe	cFos Software Internet acceleration program related. Note - may be necessary for the software to work properly
U	CFSServ.exe	CFSServ.exe	Belongs to Toshiba's configfree utility and searches for Wireless Devices
X	cftmon	sfcmonit.exe	Added by a variant of the AGENT.ERG TROJAN!
X	cftmon32	taskmgr.exe [ = number]	Added by the SOWSAT.C and SOWSAT.J WORMS!
X	cfy	cfy.exe	Surfenhance.com SearchForIt adware variant
X	CGI Firewall Script	CGIAGENT.EXE	Added by the BROPIA-U WORM!
U	CGServer	cgserver.exe	Associated with an Eicon Networks ISDN or ADSL modem. Call Guard Server (CGserver) watches your modem and blocks incoming or outgoing calls. You need cgard.exe (from Startmenu) to configure cgserver with rules and telephone numbers. Good against unwanted dialer programs
X	Cgtask Services	cgtask.exe	Added by the LALA.B TROJAN!
X	Cgywin	cgywin32.exe	Added by the RBOT-AEI WORM!
U	ChamClock	ChamClock.exe	Chameleon Clock - system tray clock replacement
X	change-me-now	msgfix1.exe	Added by the SDBOT.ZD WORM!
U	ChangeICON	SPMSMON.EXE	Card reader related program. Note - may cause problems with My Computer loading at startup. Disabling through MsConfig seems to solve the problem
?	ChangeLines	chngline.exe	??
Y	Charter High-Speed Security Suite	fspex.exe	Charter High-Speed Security Suite - security software in collaboration with F-Secure
N	Chatango	Chatango.exe	Chatango - "allows people to be connected in real time through their Web browsers. Include your Chatango contact link or button when you create eBay auctions, blogs, personal websites, Friendster profiles, and your visitors will be able to contact you instantly, without downloading anything, or registering. Alo use it to send email to your friends, allowing them to respond to you in real time!." The 'MessageCatcher' icon in the System Tray notifies you when you get a message. When you get a message, a little alert pops up, which you can click on and start chatting immediately
U	ChatStat	ChatStat.exe	ChatStat from ChatStat Technologies, Inc. Provides live chat assistance in up to 16 languages allows your operators to be more productive
N	Chcenter	chcenter.exe	IMSI HiJaak - "the easiest way to convert, capture, and manage all your graphic files"
X	Chckup	Netverchk.exe	Covert Sys Exec malware variant
X	chcp.exe	chcp.exe	Detected by Kaspersky as the SDBOT.BMH WORM! See here
X	che32	che.ocx.vbs	Added by the ADENU-B VIRUS!
X	Cheatle	GigaByte.exe	Added by the SHODI.B VIRUS!
X	Check	Check.exe	Added by the VB-DRN WORM!
N	Check for One Touch Update	wiseupdt.exe	Checks for updates for Visioneer OneTouch scanners
N	Check for TWS Updates	WiseUpdt.exe	Interactive Brokers - check for update to their standalone Java-based trading platform
U	Check Messenger	cmesseng.exe	Check Messenger from Qchex.com - program that helps you manage the activity of your Qchex account. Qchex appear to be no longer in buisness
U	Check&Get	Check&Get.exe	Check&Get from ActiveURLs. Manages your browser bookmarks and favorites. Monitors Web sites for changes and updates, captures and highlights the changed contents
N	CheckCustomWorksUpdate	CheckCWupdate.exe	Update checker, part of CustomWorks - "customize any embroidery designs to design your own unique creations"
U	CheckDialer	ChkDial.exe	Added by the CheckDialer modem connection monitoring tool
X	Checkdisk	mscas.exe	Added by the VAGON-A TROJAN!
X	CheckFaultKernel	mswdm.exe	Added by the SMALL-CSK TROJAN!
U	CheckIt	ToolBox.exe	CheckIt Toolbox from WinCheckIt Diagnostic Software. Toolbox automatically backs up critical system files (such as .ini files and the Windows Registry), and performs a check on various system parameters at intervals you specify
U	CheckIt 86	CheckIt86.exe	CheckIt 86 popup blocker
Y	CheckMsgPlus	MsgPlusH.dll, VerifyInstallation	Added by MSN Messenger Plus, a third party extension to MSN Messenger. This is the auto-update feature - see here for more info.
X	checkrun	elite**32.exe [ = random char]	EliteBar adware
X	checkrun	elitelsj32.exe	Added by the MULTIDR-ER TROJAN!
X	CheckScan32	regload16.exe	Added by the AEBOT.K WORM!
?	checktime	ct.exe	Found in the HPSelectFrontend directory on a HP machine. What is it's purpose and is it required?
Y	CheckVCR	IOMagic.exe	Driver for the I/OMagic Personal Video Recorder (DR-PCTV100)
X	CheckWinPerf	perfinfo.exe	Added by a variant of the IRCBOT TROJAN!
U	CherryKeyMan	KeyMan.exe	Multimedia keyboard manager for the Cherry keyboard series. Only required if you use any of the special keys
X	chiCkie	chiCkie.exe	Added by the CHIKO WORM!
U	ChicoSys	webtmr.exe	Child Control parental control software
U	ChikkaDefault	ChikkaLauncher.exe	Chikka PC text messanger and IM client
X	china11msn	CHINA11MSN.EXE	Added by the ENVID.O WORM!
U	ChineseStar	cstar.exe	Chinese language support software
U	CHIPDRIVEPinManager	sokscmpn.exe	ChipDrive Smartcard software
U	CHIPDRIVESmartcardManager	SCMgr.exe	ChipDrive Smartcard software
N	CHKADMIN	CHKADMIN.EXE	Compaq Network Management System. When running, it places an icon in the system tray titled "Intelligent Manageability"
X	ChkDisk	chk_disk.exe	Added by an unidentified WORM or TROJAN!
X	chkdrv	iemon.exe	Detected by Symantec as the ADCLICKER TROJAN!
X	chkdsk	autoexec.bat	Added by the ANPES WORM!
U	ChkMail	ChkMail.exe	Mail-checking program supplied with Acer notebooks
U	ChoiceMail	CHOICEMAIL.EXE	ChoiceMail from DigiPortal Software. Block spam with an Email firewall
X	Choke	Choke.exe-blahh	Added by the CHOKE WORM!
X	chope	runlli32.exe	Added by the QQPASS-U TROJAN!
X	chostsv	chostsv.exe	Added by the BANPAES.C TROJAN!
U	CHotKey	mhotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
U	CHotKey	MK9805.EXE	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol+, vol-, mute, etc. Only required for extended features
U	CHotKey	zHotkey.exe	Enables special keys on Chicony keyboards. Special combinations include Internet, E-mail, vol , vol-, mute, etc. Only required for extended features
N	Christmas Music Player	TTEST6.EXE	"Christmas Music Player brings the music of the Christmas Holiday to your desktop"
?	ChromeMark	keysh.exe	Related to this. Don't know what keysh.exe does though and if it's required
?	ChronitelInitTV	CHTVINIT.EXE	??
U	chrono	chrono.exe	Chronograph is a simple utility that synchronizes internal computer clock to the atomic time. Chronograph automatically maintains correct time using atomic clock servers of the National Institute of Standards and Technology (NIST)." Shows seconds and shows the date without having to hover the mouse. Shows a calendar when hovered over
X	ci1gnt	ci1gnt.exe	Detected by Kaspersky as the AGENT.DHU TROJAN!
X	CiaBackdoor	msldr.com	Added by a VIRUS!
X	cihost.exe	cihost.exe	Added by the LINST TROJAN!
N	CIJxP2PSERVER	CIJxP2PS.EXE	Compaq printer utility which is required in order to make the printer work correctly - "x" depends upon the model, ie, for IJ300 x=3, for IJ700 x=7
Y	Cingular Communication Manager	CingularCCM.exe	Cingular Communication Manager - now taken over by AT&T. "provides a robust set of wireless communication tools for businesses and individuals. With wireless access to email, the Internet, business applications and corporate intranets, mobile users can be more productive while they're out of the office"
X	Cinnabd Prompt32	CmdPrompt32.pif	Added by the ASSIRAL-B WORM!
N	CIO	che7e1~1.exe	ChatItOut webcam chat program
X	CirebonPunya	XXrocks.exe	Added by the BHARAT.A WORM!
U	Cisco Systems VPN Client	ipsecdialer.exe	Cisco VPN Client - lets local users gain Administrator privileges on the operating system
N	Cisco Systems VPN Client	vpngui.exe	Sets up IPSec communications for Cisco's VPN Client
N	CISrvr Program	CISRVR.EXE	Related to internet setup on Compaq PC's
X	Cissi	Cissi.exe	Added by the CISSI.A WORM!
U	CitiUCS	CitiUCS.exe	Citibank Virtual Account Numbers - "With this free service for Citi cardmembers, you never have to give out your real credit card number online"
N	CitiVAN	CitiVAN.exe	Option from Citibank to change a credit card number in a random fashion for each purchase. The number will only be used once and never again
X	cjb	cjb.exe	Added by and unidentified WORM or TROJAN! See here
X	CJET	CJet.exe	Added by the Adware.FFToolBar adware toolbar
Y	Cjstcom	Cjstcom.exe	Canon printer BJ status language monitor
Y	ClamWin	ClamTray.exe	ClamWin antivirus
X	Classes	int1.exe	"Switch" premium rate adult content dialler variant
X	Classes	intl.exe	"Switch" premium rate adult content dialler variant
X	Classes	run_21.exe	"Switch" premium rate adult content dialler variant
X	Classes	srv.exe	"Switch" premium rate adult content dialler variant
X	Classes	srv2.exe	"Switch" premium rate adult content dialler variant
X	Classes	MSTAR2.EXE	"Switch" premium rate adult content dialler variant
X	Classes	mstart.exe	"Switch" premium rate adult content dialler variant
X	clcbt.exe	clcbt.exe	Added by the AGENT.CBA TROJAN!
X	clcl3	clcl3.exe	Added by the AGENT.ES TROJAN!
X	clcl7	clcl7.exe	Added by a variant of the Covert Sys Exec TROJAN!
U	CLCLSet	CLCL.exe	CLCL clipboard caching utility
N	Clean Access Agent	CCAAgent.exe	Cisco Clean Access Agent from Cisco Systems, Inc
X	Clean up	service.exe	Added by the AGENT-FPY TROJAN!
?	CleanEasyImg	cleanall.exe	??
?	CleanRegPath	CleanReg.exe	Apparently Annex A ADSL modem related. What does it do and is it required?
U	CleanSweep Smart Sweep- Internet Sweep	Csinsm32.exe	Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
N	CleanSweep Useage Watch	CSUSEM32.EXE	Quarterdeck/Norton CleanSweep component - tracks how often you use files and alerts you to files that have not been used for a specified period of time
U	CleanTemp	CLEANT~1.EXEB	CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
U	CleanTemp	CleanTemp.exe	CleanTemp - deletes the contents of the TEMP directory when Windows starts and then closes - using no memory
N	Cleanup	ONICTASK.EXE	Internet Cleanup from Allume Systems (used to be by OnTrack) - cleans up tracks left by browsing the internet
Y	CleanUp	mcappins.exe	Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
?	CleanupProgram	cleanup.exe	In a C:Sonysys folder - Sony Vaio related?
X	clean_service	clean_service.cmd	Added by the REFAZ WORM!
U	CleverKeys	CK.exe	CleverKeys - "is free software that provides instant access to definitions at Dictionary.com, synonyms at Thesaurus.com, facts at Reference.com and more ? from almost all Windows programs, including word processors, Web browsers and most e-mail programs"
X	clfmon	clfmon.exe	Added by the TACTSLAY.E TROJAN!
X	clfmon	nvsvca32.exe	Added by the TACTSLAY.E TROJAN!
X	clfmon.exe	clfmon.exe	Added by the AGENT-BJ TROJAN!
N	Click Radio Tuner	clickr~1.exe	ClickRadio - subscription service playing radio music via the internet
N	Click Tray Calendar	ClickT~1.EXE	ClickTray Calendar - shows holidays, reminders of various anniversaries,tasks etc
N	ClickMe	ClickMe.exe	ClickM "JOKE" program
U	Clickoff	Clickoff.exe	Clickoff automatically dismisses annoying dialog boxes
X	ClickTheButton	CTB.EXE	ClickTheButton Downloader-MY adware
X	ClickTheButton	csrss.exe	ClickTheButton Downloader-MY adware! Note - this is not the legitimate csrss.exe process which should not normally figure in Msconfig/Startup!
X	ClickTheButton	MSCStat.exe	ClickTheButton Downloader-MY adware
X	CLICONFG	CLICONFG.EXE	Added by the OPASERV.T WORM!
U	Client Access API Daemon	cwbappcd.exe	IBM iSeries Client Access, see here
N	Client Access Check Version	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
?	Client Access Express Welcome	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?
N	Client Access Help Update	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
N	Client Access Service	CwbSvStr.Exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
U	Client Access Taskbar	cwbuitsk.exe	IBM iSeries Client Access taskbar, see here
X	Client Agent	ipxwping.exe	Added by the PPDOOR-N TROJAN!
X	Client Agent	photes.exe	Added by the PPDOOR-P TROJAN!
X	Client Agent	[path to file]	Added by the PPDOOR-J TROJAN!
?	Client agent for ARCserve	W95AGENT.EXE	Part of Brightstor ARCserve Backup from Computer Associates. What does it do and is it required?
X	Client for Microsoft Networks	msclient32.exe	Added by the SDBOT-BXQ WORM!
X	Client Server Control Process	[path to trojan]	Added by the AGENT-HR TROJAN!
X	Client Server Run Time Proccess	csrsrv.exe	Added by a variant of the SDBOT WORM!
X	Client Server Runtime	[path to worm]	Added by the POEBOT-KR WORM!
X	Client Server Runtime Process	csrsss.exe	Added by the SDBOT-LD WORM!
X	Client Server Runtime Process	csrs.exe	Added by the LINKBOT.M WORM!
X	Client Server Runtime Process	smmss.exe	Backdoor TROJAN! Possible SDBOT-GEN variant
X	Client Update	wup.exe	Added by a variant of the OPANKI-A WORM!
X	ClientMan1	mscman.exe	ClientMan parasite variant
N	Clik Status Monitor	toolsclickstat.exe	Part of Iomega Tools to let you know whether an Iomega PocketZip (nee Clik) removable drive cartridge is installed
X	clipboard.exe	clipboard.exe	Added by an unidentified WORM or TROJAN!
N	Clipbook Service	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
N	ClipMate5x	ClipMt5x.exe	Clip Mate 5.x by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
N	Clipmate6	CLIPMT60.EXE	Clip Mate 6 by Thornsoft. Utility that allows you to store more than one item in the clipboard. Available via Start -> Programs
N	ClipMate7	ClipMate.exe	Clip Mate 7 by Thornsoft - utility that allows you to store more than one item in the clipboard
N	Clipomatic	Clipomatic.exe	Mike Lin's Clipomatic is a clipboard cache program - it remembers what was copied to the clipboard even after new data is copied, and allows you to retrieve the old data
N	Clipsrv	Clipsrv.exe	Supports Windows XP ClipBook Viewer, which allows pages to be seen by remote ClipBooks
X	ClipSrv	clipserv.exe	Added by the SDBOT-AAV and SDBOT-AFE WORMS!
X	ClipSrv	CLIPBRD3D.EXE	Added by the MOFEI-D WORM!
N	ClipTrak	ClipTrak.exe	ClipTrak - clipboard extender
N	ClipTrakker	ClipTrakker.exe	Cliptrakker - clipboard extender
N	CLISTART	CLIStart.exe	Puts the ATI Catalyst? Control Center Icon/Shortcut on the System Tray - available via Start -> Programs
X	clkhost	[path to trojan]	Added by the WIXUD-B TROJAN!
U	CLMFrontPanel	clmpanel.exe	System tray status/display/configuration utility for a number of modems. Can be disabled by right-clicking on the tray icon. If disabled, connection status is lost
?	clnwall	rundll.exe setupx.dll, InstallHinfSection ..delwall.inf	??
X	clock	[various filenames]	LiveChat Adware - known file names include: mssetup.exe, kstatus.exe, spoolsv.exe, sptsupd.exe, osk.exe, msswchx.exe, netdde.exe, msbkup.exe
X	Clock Manager	amsngr.exe	Added by the SDBOT-XM TROJAN!
X	ClockSync	Sync.exe	ClockSync - synchronizes your system clock with an internet time server. It's by WhenU, the makers of the Save Now spyware, and they're usually seen in tandem, so it's advised to replace it with one of may spyware free alternatives available
U	ClockWise	CLOCKWISE.EXE	ClockWise - produced by R J Software - a time utility. It is a schedueler not only for dates, but you can choose it to run programs at any time. It also updates the time by connecting to an atomic clock server. This is a spyware-free alternative to ClockSync
U	ClocX	ClocX.exe	ClocX - places a clock on the desktop that can be moved and then changed into a calendar plus you can set alarms etc?
U	CloneCD	CloneCDTray.exe	System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
U	CloneCDElbyCDFL	ElbyCheck.exe	From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
U	CloneCDTray	CloneCDTray.exe	System tray for the now discontinued CloneCD. The only useful option is "Hide CDR Media" only available via this tray. Has additional unknown functions in later versions
?	Clotusorgreg0	prtStart.exe [path] Orgprt.exe	IBM Lotus SmartSuite related. In a LotusOrgReg folder. Unclear what exactly it does?
X	Clre	mmdc.exe	Added by the PURSCAN-AI TROJAN!
X	ClrSchLoader	[path to file]	ClearSearch adware
X	CLSID	com.exe	Adult content dialler
X	CLSID	dll.exe	Adult content dialler
X	CLSID	msgplus.exe	Adult content dialler
X	CLSID	plugin.exe	Adult content dialler
X	CLSID	sed.exe	Adult content dialler
X	CLSID	msgplus.exe	Premium rate adult content dialer. Note - this is NOT the MSN Messenger 'MessengerPlus' extension
X	CLSRSS	LSACS.EXE	Added by the SILLYFDC-X WORM!
?	CM-SmWizard	SmWizard.exe	SmartWizard MFC Application - associated with C-Media who produce audio chipsets commonly used for on-board sound on motherboards. What does it do and is it required?
U	cma	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
X	CMAPP	cmappclient.exe	CasClient adware - also detected as the CMAPP TROJAN!
N	Cmaudio	Rundll32 cmicnfg.cpl, CMICtrlWnd	System tray control panel for C-Media based soundcards - often included on popular motherboards with in-built audio. Available via Start -> Settings -> Control Panel
X	Cmd	cmd32.exe	Added by the TANKED WORM!
X	cmd32	configs.exe	Hijacker, also detected as the QURL-2 TROJAN!
X	cmd64	cmd64.exe	CoolWebSearch Search X parasite variant
X	cmdbcs	cmdbcs.exe	Added by the LINEAG-GKW TROJAN!
X	cmdcon	cmdcon.exe	Added by the CRYPTER.A TROJAN!
X	cmds	vtsqn.dll	Added by a variant of the VUNDO TROJAN!
X	CmdShell.exe	CmdShell.exe	Added by the BCKDR-QHY TROJAN!
X	CME	cme.exe	Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	CmeSYS	CMEsys.exe	Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	CmeUPD	CMEupd.exe	Part of Gator advertising spyware - see here for removal instructions. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	CMFibula	CMFibula.exe	CASClient adware
N	CmFlywaveName	CmFlywav.exe	Driver for Linksys Wireless-G Music Bridge
?	CMGrdian	CMGrdian.exe	One of the McAfee shared components. What does it do and is it required?
X	CMMan	CMMan.exe	Added by the CMAPP TROJAN!
X	Cmmon32Sys	cmmon32.exe	Added by the SMALL.CL TROJAN!
X	cmonitor	startupmon.exe	SystemDoctor misleading security software - not recommended, see here
U	CmPCIaudio	RunDll32 CMICNFG3.CPL, CMICtrlWnd	Registers the Control Panel applet for a C-Media PCI sound card
U	CMPDPSRV	CMPDPSRV.EXE	Printer Driver Plus from ViewAhead Technology (formerly DeviceGuys, Inc.). "Printer Driver Plus seamlessly integrates all the necessary components of a printer driver, plus more". Installed with some Compaq and Lexmark printers
X	Cmpnt	Devices2.exe	Added by the TOMPAI-D TROJAN!
X	Cmpnt	mainsv.exe	Added by the TOMPAI-C TROJAN!
X	cmrss	cmrss.exe	Added by the DELF.DU TROJAN!
X	cmrss	crmss.exe	Added by the DLOADER-EK TROJAN!
X	cmrss	[path to trojan]	Added by the DLOADER-QQ TROJAN!
X	cmrst	cmrst.exe	Added by the BANCOS.S TROJAN!
X	cmrst	cmrst.scr	Added by the DLOADER-FP TROJAN!
X	cms	iserver.exe	Added by the DLOADER-WK TROJAN!
U	CMSETTINGS	ctmn.exe	Part of NetNanny Chat Monitor
X	cmsound	vcpdll.exe	Added by the TCXMEDI-D downloader TROJAN!
X	cmsound	vcsystem.exe	Added by the TCXMEDI-D downloader TROJAN!
X	cmss	system.exe	Added by a variant of the RBOT WORM!
X	cmssapp	iexplore_.exe	Added by the BANCBAN-CQ TROJAN!
X	cmssapp	iexplore.exe	Added by the BANCBAN-GF TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	cmssSystemProcess	csmss.exe	Added by the AGENT-CO TROJAN!
X	cmssSystemProcess	mcsmss.exe	Added by a variant of the AGENT.EI TROJAN!
X	cmssSystemProcess	csms.exe	Added by the AGENT-Y TROJAN!
X	CMSystem	CMSystem.exe	CASClient adware
X	cmt101	cmt101.exe	Added by a variant of the CRYPTER.C TROJAN!
?	CmUCRRun	CmUCReye.exe	Related to Medion Display Information. What does it do and is it required?
X	cmx32	cmx32.exe	Added by the GEMA.D TROJAN!
X	Cn323	cnfrm33.exe	Added by the MIMAIL.G WORM!
X	Cn911	ODBCJET.exe	Added by the BIFROSE-PR TROJAN!
X	CNBABE	CNBABE.EXE	Appears to be spyware added by KAZAA (and maybe others) that displays pop-up ads whilst you're browsing
N	cnet	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
Y	cnfgCav	CMain.exe	Part of Comodo Antivirus
X	Cnfrm32	cnfrm.exe	Added by the MIMAIL.D WORM!
X	CnsMax	Internat.exe	Added by the POINTEX TROJAN! Note - the real internat.exe resides in %windir%system (where %windir% is the Windows directory - C:Windows or C:Winnt) whereas this version resides in %windir%
X	CnsMin	Rundll32.exe [path] CNSMIN.DLL, Rundll32	CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
Y	CnwiDeviceAgent	cnwida.exe	Part of the Canon imagePROGRAF W8400 printer management software
Y	CnxAdslL	CnxAdslL.exe	DLink, Zoom, or Conexant modem driver
N	CnxDslTaskBar	CnxDslTb.exe	Connexant DSL Taskbar as used on Acess Runner and Samsung AHT-E310 ADSL modems
U	Cobian Backup 8 interface	cbInterface.exe	"Cobian Backup is a backup program that can be executed in 2 ways: as a normal application or as a Windows Service. The program can schedule automatic backups for files and directories locally or to FTP servers and can use compression and encryption"
X	CodeClean	CCIntro.exe	CodeClean spyware remover - not recommended, see here
U	Codename Dashboard	dashboard.exe	Codename: Dashboard - "an application that resides at the side of your screen. Built on the Microsoft .NET Framework, it is a host for interchangeable components through which C.D. allows you to have any information you want, on your desktop, all the time"
X	cof.updit	[random filename]	Added by a variant of the SDBOT WORM!
U	CognizanceTS	rundll32.exe [path] AsTsVcc.dll, RegisterModule	Cognizance Corp Identity And Access Management suite
X	Coldlife -icmp	Systray.exe	Added by the FLOOD.AV TROJAN! Note - this is not the legitimate systray.exe process
N	CollaborationHost	p2phost.exe	People Near Me Microsoft? Windows? Peer-to-Peer Networking platform for Windows Vista
U	coloreal	coloreal.exe	Makes colours sharper and brighter, but will only work with coloreal capable monitors
N	Colorific Control Panel	Hgcctl95.exe	From E_Color. Colorific delivers accurate gamma and color temperature across your entire system - monitor to printer and digital camera to monitor
X	COM Service	mscom32.com	Added by the BEASTY.H TROJAN!
X	COM Service	msynvr.com	Added by the BEASTY.G TROJAN!
X	COM Service	msjclh.com	Added by the BEASTY.E TROJAN!
X	COM Service	msdrce.com	Added by the BEASTY.I TROJAN!
X	COM Service	msflyx.com	Added by the BEASTDO-O TROJAN!
X	COM+ Event System	DRWTSN16.EXE	Added by a variant of the LOVGATE WORM!
X	COM+ EventSystem Services	ECSERVER.EXE	Added by a variant of the SDBOT WORM!
X	Com+ Sys	csrs.exe	Added by the FORBOT-BT WORM!
X	COM+ System Applications	lsas.exe	Added by the AGOBOT.SE WORM!
X	COM++ System	exploier.exe	Added by a variant of the LOVGATE WORM!
X	COM++ System	suchost.exe	Added by a variant of the LOVGATE WORM!
X	COM++ System	svchost.exe...	Added by a variant of the LOVGATE WORM!
N	COM-IP	COMIP.EXE	COM-IP Virtual Modem Driver (COM-IP Creates a Fake Serial Port that allows you to use older DOS Based Communications Programs over Telnet. Type atdt host.domain.com instead of atdt 5551212)
U	com.codeode.cactusspamfilter	cactusspamfilter.exe	Cactus Spam - free easy-to-use spam blocker
U	com.codeode.privacymantra	privacymantra.exe	"Privacy Mantra keeps your computer clean from online and offline tracks"
U	ComAgent	ComAgent.exe	ComAgent - MDaemon's instant messaging client
X	combo.exe	combo.exe	Added by the CHIMO-C TROJAN!
X	combop.exe	combop.exe	Added by the BOWFEED-A TROJAN!
X	Comcast Network	ribiva.exe	Added by a variant of the TOADCOM.A TROJAN!
X	comctl32	comctl32.exe	Adware - detected by Kaspersky as the AGENT.AM TROJAN!
U	COMDRV32	svdhost.exe	Orvell Monitoring 2003 surveillance software. Uninstall this software unless you put it there yourself. Note - asks for permission to contact the IP address of http://www.protectcom.com/
U	Comm Driver	commh32.exe	G Data "PC Spion". PC monitoring and surveilling software, captures all users activity on the PC, see here. Disable/remove if you didn't install it yourself!
X	Command	system.exe	Added by the GATECRASH.A or GATECRASH.B TROJANS!
X	Command	Gotit.exe	Added by the TITOG WORM!
X	COMMAND	command.exe	Added by the QQPASS.E TROJAN!
X	command	javaw.exe	Added by the AGOBOT-LG WORM!
X	Command Prompt32	CmdPrompt32.pif	Added by the ASSIRAL.B WORM!
U	Command WorkStation 4	cws 4.exe	EFI's Command WorkStation makes "managing demanding workflows easier by centralizing job management. The software automatically identifies the Fiery servers on the network and offers customization options for displaying information" - for high-end print environments
X	command32	command32.exe	Added by the LINEADI-A TROJAN!
N	CommCtr	commctr.exe	"Net2Phone CommCenter is the latest in Internet voice technology allowing you to place calls easily all over the world right from your PC!". Available via Start -> Programs
Y	COMMUNICATOR	Communicator.exe	Part of Microsoft Office Communicator, which is an integrated communications client that allows information workers to communicate in real time using a range of different communication options, including instant messaging (IM), voice, and video
U	Comodo Firewall	CPF.exe	Comodo Firewall
Y	COMODO Firewall Pro	cfp.exe	Comodo Firewall Pro
U	Comodo Launch Pad Tray	CLPTray.exe	System Tray access to LaunchPad as bundled with Comodo's freebie offerings such as Comodo Anti-Virus. Some allege that LaunchPad is impossible-to-uninstall adware, or worse - see here
Y	COMODO Memory Firewall	cmf.exe	"Comodo Memory Firewall is a buffer overflow detection and prevention tool which provides the ultimate defence against one of the most serious and common attack types on the Internet - the buffer overflow attack"
X	CompanionWizard	compwiz.exe	WinAntiVirus 2006 misleading virus software - not recommended, see here
U	Compaq Alerter	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information
N	Compaq Computer Corp SCCenter Module	SCCENTER.EXE	For Compaq PC's. Part of Backweb
?	Compaq Computer Security	Rundll32.exe SECURE32.CPL, Service	??
N	Compaq Connections	COMPAQ~1.EXE	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"
N	Compaq Connections	BackWeb-1940576.exe	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". * can be any digit
N	Compaq Connections	Compaq Connections.exe	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners"
N	Compaq DMI	cpqdmi.exe	Compaq version of the Desktop Management Interface
X	Compaq Drivers	F1rewalls.exe	Added by the SDBOT-WD WORM!
N	Compaq Internet Setup	inetwizard.exe	For Compaq PC's. Runs Compaq internet setup wizard and offers you to signup from ISP list
X	Compaq Jes Drivers	winjes.exe	Added by the SDBOT-XR WORM!
U	Compaq Knowledge Center	silent.exe & matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file while silent.exe executes matcli.exe quietly in the background. Compaq Knowledge Center is required to run with the Help and Support program. If you uncheck Compaq Knowledge Center and and then run help and Support it will add another Compaq Knowledge Center in the startup menu. If you remove the Compaq Knowledge Center in the add/remove program some help menus in help and support will not be available like Fix my Presario, Preference, and Contact Technical Support". You decide
N	Compaq Message Server	COMPAQ-RBA.EXE	Applies to the CPQBootPerfDB entry as well. These files generate some kind of server or servlet that attempts to connect with Compaq online. They are like Trojans, but fairly harmless. They send information on the "Compaq Advisor/Compaq Message Screener" application that comes with every Compaq computer and provide feedback on how computer users use the Message Advisor. These messages appear occasionally and instruct and advise users on their computer and its use. They generally attempt to get you (these messages) to connect to Compaq's website. They may be safely disabled via (1) MSCONFIG or (2) Start -> Programs -> Compaq Advisor -> Advisor Settings under the "advanced" tab. Not required and can cause problems
U	Compaq PK Daemon	cpqkl.exe	For Compaq laptops for programming user configurable keys. Not required unless you use them
X	Compaq Print Fax	cpqa1000.exe	Added by the SDBOT.BCV WORM! Please take note of the difference between the legitimate Compaq Fax Utility Name (A1000 Settings Utility) and the name (Compaq Print Fax) used by this worm
X	Compaq Service Drivers	systeminfos.exe	Added by the SDBOT-XC WORM!
X	Compaq Service Drivers	compq.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	navapqwa.exe	Added by the SDBOT.BBQ WORM!
X	Compaq Service Drivers	amsn.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	compqs.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	msnt.exe	Added by the SDBOT.CQL WORM!
X	Compaq Service Drivers	NtKernelSystem.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	wincmd.exe	Added by the RBOT.ATV WORM!
X	Compaq Service Drivers	wind32.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	winmsn.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivers	compaq.exe	Added by the SDBOT-AFU WORM!
X	Compaq Service Drivers	msnsvc.exe	Added by the RBOT.BKT WORM!
X	Compaq Service Drivers	ntsys32.exe	Added by the RBOT.CIW WORM!
X	Compaq Service Drivers	winsvc.exe	Added by the SDBOT-AGD WORM!
X	Compaq Service Drivers 32	compq32.exe	Added by a variant of the SDBOT WORM!
X	Compaq Service Drivrs	copq.exe	Added by a variant of the RBOT WORM!
X	Compaq Services Drivers	ndt32.exe	Added by the RBOT.CQZ WORM!
X	Compaq Sound Drivers For WINDOWS	sounddr.exe	Added by the SDBOT-XG WORM!
N	Compaq Video CD Watcher	??	For Compaq PC's. MPEG viewer
X	Compaq32 Service Drivers	ms32.exe	Added by the SDBOT.BWH WORM!
X	Compaq32 Service Drivers	msconfig32.exe	Added by the SDBOT-ADC WORM!
X	Compaq32 Service Drivers	msnt32.exe	Added by the RBOT.BVF WORM!
?	CompaqHW Comp Manager	cpqhcm.exe	Running on a Compaq laptop - any ideas?
N	CompaqPrinTray	printray.exe	Puts printer icon in the System Tray. When this option is disabled you will no longer be able to access the Control Program or Printer Driver directly from your desktop
X	Compaqs Service Driver	copypad32.exe	Added by the SDBOT.CSO WORM!
X	Compaqs Service Drivers	compqs.exe	Added by a variant of the SDBOT WORM!
N	CompaqSystray	cpqpscp.exe	Compaq System Tray icon
X	Compatibility Service Process	regsvs.exe	Added by the GAOBOT.YN WORM!
X	Compd Service Drivrs	codq.exe	Added by a variant of the SDBOT WORM!
U	ComproRemote	ComproRemote.exe	VideoMate TV tuner and capture card - remote control driver
U	ComproSchedulerDTV	ComproSchedulerDTV.exe	VideoMate TV tuner and capture card - scheduler
X	Computing Technologie Firewall	lsauth.exe	Added by the SDBOT-WX WORM!
N	COMSMDEXE	comsmd.exe	3Com tray icon
X	ComStart	Trojan Guarder.exe	TrojanGuarder misleading security software - not recommended, see here
X	ComTry Web Searcher	wstray.exe	Comtry MP3 Downloader related - spyware
X	comxt	comxt.exe	Added by the COMXT TROJAN!
X	con	[path to trojan]	Added by the BRAVE-A TROJAN!
X	ConfidentUser	SRP.exe	ConfidentUser misleading security software - the site's "online scanner" detected by Kaspersky antivirus as WinFixer.ba
X	Config	service.exe	Added by the ISRAZ.B WORM!
X	Config	WinService32.exe	Added by the CRUTCHA-A TROJAN!
X	Config Loadation	iEEexplore.exe	Added by the SDBOT.H TROJAN!
X	Config Loadatiorin	I3Explorer.exe	Added by the SDBOT.H TROJAN!
X	Config Loader	svchosl.exe	Added by the GAOBOT.P WORM!
X	Config Loader	sysldr32.exe	Added by the GAOBOT WORM!
X	Config Loader	scvhost.exe	Added by the GAOBOT.AE or GAOBOT.AO WORMS!
X	Config Loader	svhost.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Config Loader for Microsoft Windows	mwincfg32.exe	Added by the AGOBOT.BD WORM!
X	Config Loader2	explores.exe	Added by the GAOBOT.BT WORM!
X	Config Loadr	winsys32.exe	Added by the AGOBOT-HN WORM!
X	Config33.exe	Config33.exe	Added by the SDBOT.T TROJAN!
X	ConfiggLoader	cart322.exe	Added by the GAOBOT.DJ WORM!
U	ConfigSafe	CFGSAFE.EXE	ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
U	ConfigSafe	AUTOCHK.EXE	ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions -- provides a restore function. Your choice
N	ConfigServices	Config.exe	Part of initial setup on a Compaq PC
X	configsetup	configsetup32.exe	Added by the AGOBOT-AFP WORM!
X	Configuration	explorer32.exe	Added by the SDBOT-ML WORM!
X	Configuration	[filename]	Added by the SDBOT-ML WORM!
X	configuration	apphost.exe	Added by the SDBOT-VP WORM!
X	Configuration	ntsys32.exe	Added by the SDBOT-LN WORM!
X	Configuration Default	Wuxat.exe	Added by the SPYBOT-CA WORM!
X	Configuration File	Winset32.exe	Added by the FLUX.101 TROJAN!
X	Configuration Loaded	wupdated.exe	Added by the MOEGA or MOEGA.AG or MOEGA.AP WORMS!
X	Configuration Loaded	lssas.exe	Added by a variant of the SDBOT WORM!
X	Configuration Loader	aim95.exe	Added by the LOADCFG or SDBOT TROJANS!
X	Configuration Loader	cmd32.exe	Added by the LOADCFG or SDBOT TROJANS!
X	Configuration Loader	syscfg32.exe	Added by the SDBOT.B TROJAN!
X	Configuration Loader	service5.exe	Added by the GAOBOT.AF WORM!
?	Configuration Loader	lfass.exe	??
X	Configuration Loader	sycfg34.exe	Added by the GAOBOT.AN WORM!
X	Configuration Loader	wincrt32.exe	Added by the GAOBOT.BF WORM!
X	Configuration Loader	windex.exe	Added by the GAOBOT.BZ WORM!
X	Configuration Loader	dosrun32.exe	Added by the GAOBOT.AO WORM!
X	Configuration Loader	Service.exe	Added by the GAOBOT.AO WORM!
X	Configuration Loader	Servicess.exe	Added by the GAOBOT.AO WORM!
X	Configuration Loader	sw32.exe	Added by the AGOBOT.BQ WORM!
X	Configuration Loader	System.exe	Added by the GAOBOT.AO WORM!
X	Configuration Loader	Winreg.exe	Added by the GAOBOT.AO WORM!
X	Configuration Loader	sysinfo.exe	Added by the GAOBOT.FQ WORM!
X	Configuration Loader	microsoft.exe	Added by the GAOBOT.JB WORM!
X	Configuration Loader	confgldr.exe	Added by the GAOBOT.GEN!POLY WORM!
X	configuration loader	winicfg32.exe	Added by the GAOBOT.RQ WORM!
X	Configuration Loader	svhst.exe	Added by the GAOBOT.YC WORM!
X	Configuration Loader	msgfix.exe	Added by the GAOBOT.AUS or SDBOT.J or SDBOT-QG WORMS!
X	Configuration Loader	msnss.exe	Added by the GAOBOT.AUS WORM!
X	Configuration Loader	IEXPL0RE.EXE	Added by the LOADCFG or SDBOT TROJANS!
X	Configuration Loader	loadcfg32.exe	Added by the LOADCFG or SDBOT TROJANS!
X	Configuration Loader	MSTasks.exe	Added by the LOADCFG or SDBOT TROJANS!
X	Configuration Loader	systemry.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Configuration Loader	ccSort.exe	Added by the AGOBOT.SR WORM!
X	Configuration Loader	smss32.exe	Added by the AGOBOT.MB WORM!
X	Configuration Loader	wincffg.exe	Added by the AGOBOT.A3 WORM!
X	Configuration Loader	seru32.exe	Added by the SDBOT-VR WORM!
X	Configuration Loader	botss.exe	Added by the SDBOT-XS WORM!
X	Configuration Loader	ldasp.exe	Added by the AGOBOT.BH WORM!
X	Configuration Loader	msgcfgsrv.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Configuration Loader	smsai.exe	Added by the SDBOT-YE WORM!
X	Configuration Loader	svupdate.exe	Added by the RANDEX.DXP WORM!
X	Configuration Loader	crcss.exe	Added by the AGOBOT.ADG WORM!
X	Configuration Loader	lexplore.exe	Added by the RBOT-AGX WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
X	Configuration Loader	scvhost.exe	Added by the AGOBOT-AAE and SDBOT.AR WORMS!
X	Configuration Loader	svchost.exe	Added by the PARADROP-A WORM! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X	Configuration Loader	svchost2.exe	Added by the AGOBOT.JR WORM!
X	Configuration Loader	dezi.exe	Added by the SDBOT-OB WORM!
X	Configuration Loader	mouse.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Configuration Loader	msg.exe	Added by the SDBOT.BT WORM!
X	Configuration Loader	WinHelper.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Configuration Loader	extrac.exe	Added by the SDBOT-AFP WORM!
X	Configuration Loader	DVD-Player.exe	Added by a variant of the SDBOT WORM!
X	Configuration Loader	IEXPLORE.EXE	Added by the SDBOT-KW WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Configuration Loader	svchost.exe	Added by the PARADROP-AI WORM! Note - this is not the legitimate svchost.exe process which should not normally figure in Msconfig/Startup!
X	Configuration Loader	wincore.exe	Added by the SDBOT.BHE WORM!
X	Configuration Loader	configldr.exe	Added by the AGOBOT-PP TROJAN!
X	Configuration Loader	ahnhst.exe	Added by the AGOBOT.MX WORM!
X	Configuration Loader	ntdm.exe	Added by the AGOBOT.RV WORM!
X	Configuration Loader Service	Winsys32.exe	Added by the RBOT-YV WORM!
X	Configuration Loader Service	devl32.exe	Added by the SDBOT-XY WORM!
X	Configuration Loader10	ip7.exe	Added by the AGOBOT-ANZ WORM!
X	Configuration Loading	svchos1.exe	Added by the GAOBOT.DK WORM!
X	Configuration Loading	configldr.exe	Added by the AGOBOT-EC WORM!
X	Configuration Loading Service	wscel.exe	Added by the SDBOT-WJ WORM!
X	Configuration Loadr	iexplore.exee	Added by an unidentified WORM or TROJAN!
X	Configuration Manager	CNFGLD32.EXE	Added by the SDBOT TROJAN!
X	Configuration Manager	Cnfgldr.exe	Added by the SDBOT TROJAN!
X	Configuration Manager	cfg32.exe	BookedSpace parasite. Note - the "cfg32.exe" file is located in the Winnt or Windows folder
X	Configuration Servecie	sewins.exe	Added by the SDBOT-COH WORM!
X	Configuration Service	suchost.exe	Added by the TREB TROJAN!
X	Configuration Services	mswords.exe	Added by the SDBOT-YM WORM!
N	Configuration Utility	CONFIG.EXE	Controls linksys wireless connection. Available from the Desktop
U	Configuration Utility	wlanutil.exe	NetGear Wireless LAN configuration utility for the MA311 802.11b (and maybe other cards)
X	Configuration Wizard	Cfgwiz32.exe	Added by a variant of the HACKTACK TROJAN! Not to be confused with the legitimate MS "ISDN Configuration Wizard" (Cfgwiz32.exe)
X	Configuration32 Loader32	winamp32.exe	Added by the SDBOT-BIC WORM!
X	ConfLoader	sysconf16.exe	Added by the SDBOT-FB TROJAN!
N	Conmgr	conmgr.exe	Starts Winfax pro at startup
U	ConMgr.exe	conmgr.exe	Connection Manager as used by Earthlink and others. If you need this to ensure a proper connection but don't want to connect at startup try creating your own shortcut
X	conmswf	conrnbne.exe	Added by the SDBOT-DEX WORM!
U	Connect Kasamba	Kasamba.exe	"Finding the expert help that you need is easy on Kasamba. With more than 30,000 registered experts in over 600 categories to choose from, chances are, we`ll have just the right professional in the exact area of expertise that you need"
X	Connect2Party	connect2party.exe	Adult content dialler
U	Connection Keeper	ConKeepM.exe	"Connection Keeper is an invaluable time-saving tool for dial-up users. This free program simulates Internet browsing (at a random interval) to prevent your connection from appearing idle, thus preventing your ISP from dropping your connection due to inactivity"
N	Connection Manager	CManager.exe	SBC Yahoo DSL service connection manager. You can connect from the network connections. Users having problems with this have been advised to uninstall the connection manager via Add/Remove Programs and it won't affect the service
X	Connectivity Tool	[path to trojan]	Added by the LITEBOT-E TROJAN!
X	Connector	SYS.EXE	Added by the dialer.Nunci premium dialer
X	Connector	sms.EXE	Added by the ExDial-B premium rate adult content dialer
N	CONNECTScheduler	CONNECTScheduler.exe	Scheduler for updating Sony's CONNECT music download service
X	Cons	consol32.exe	Hijacker - redirects to a p0rn portal, where foistware like ISTBar gets stealth installed
X	conscorr	conscorr.exe	VX2.Transponder parasite updater/installer related
X	Console de Gerenciamento Microsoft	csrss.exe	Unidentified malware! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a SystemLevel4 subfolder
X	Console de Gerenciamento Microsoft	csrss.exe	Added by the BANCBAN-ET TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Central de Seguran?a" subfolder
U	Consumer Input	ConsumerInput.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
U	Consumer Input Rewarded with MyPoints, Consumer Input	ConsumerInputRewardedwithMyPoints, ConsumerInput.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
U	Consumer Input Rewarded with MyPoints, Consumer Input Update	ConsumerInputRewardedwithMyPoints, ConsumerInputUa.exe	Consumer Input Toolbar. Opt-in market research monitoring you browsing habits - see the FAQ
?	Contacte	contacte.exe	Some kind of driver?
X	Content connector	[random filename].exe	Added by the DIALER-Y TROJAN! Note - uses a random filename and random folders. Usually the folder containing the file is a Temp folder
X	ContentDownload	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	ContentService	winservn.exe	Homepage hijacker
X	ContinueInstall	bpsinstall.exe	BrowserAid/BrowserPal foistware
X	ContraVirus	ContraVirusPro.exe	ContraVirus misleading security software - not recommended, see here
X	Control	rundll32.exe ctrlpan.dll, Restore ControlPanel	CoolWebSearch Msconfd parasite variant
N	Control Center	Center.exe	Related to an Asus WLAN card
X	Control handler	**********.exe [ = random char]	CoolWebSearch parasite variant
X	Control handler	ahjinst.exe	CoolWebSearch parasite variant
X	Control handler	[10 to 14 random char]THD.EXE	Added by the KREPPER-AI TROJAN!
N	control panel	smctrlw.exe	System Tray icon for a Silicon Motion LynxEM based PCI Graphics Card
X	Control Panel	System.exe	Added by the DANI TROJAN!
X	control panel software service	cprs.exe	Added by the RBOT-FPI WORM!
X	Controladores	[path to trojan]	Added by the TELEFO-A TROJAN!
N	ControlCenter2.0	brctrcen.exe	Brother scanner 'Control Center' application - can be started manually
N	ControlCentreTray	XWCTray.exe	System Tray access for the Xerox ControlCentre 2.0 software for their range of printers, copiers, faxes, etc
X	Controlled Resource System Service	crss.exe	Added by the AGOBOT.GH WORM!
N	Controller	WFXCTL32.EXE	From Symantec's TalkWorks Pro and WinFax. Appears if you chose to have the program appear in the taskbar (System Tray) during installation and displays a yellow fax/telephone icon. Available via Start -> Programs
X	ControlPanel	rundll32 internat.dll, LoadKeyboardProfile	CoolWebSearch parasite variant
X	ControlPanel	host32.exe internat.dll, LoadKeyboardProfile	Added by a vairant of the DELF.DW TROJAN!
X	ControlPanel	cmd32.exe internat.dll, LoadKeyboardProfile	Added by the DLOADER-HF TROJAN. Note - the "cmd32.exe" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	ControlPanel	systemctrl.exe internet.dll, LoadNetworkProfile	Browser hijacker, also detected as STARTPA-FX
X	ControlPanel	internat.dll, LoadKeyboardProfile	Added by the BIZVES-A TROJAN!
X	ControlPanel	popcorn.exe internat.dll, LoadKeyboardProfile	Added by the BIZVES-B TROJAN!
X	ControlPanel	popcorn64.exe	Browser hijacker, redirecting to loadcash.biz
X	ControlPanel	popcorn64.exe rundll.dll, LoadMouseProfile	Added by the DLOADER-OI TROJAN!
X	ControlPanel	popcorn72.exe rundll.dll, LoadMouseProfile	Added by the DLOADER-RA TROJAN!
X	ControlPanel	svcc.exe	WorldSearch adware
X	ControlPanel	popcorn320.exe rundll.dll, LoadMouseProfile	Added by a variant of the DLOADER-RA TROJAN!
X	ControlPanel	private.exe internat.dll, LoadMouseCarpetProfile	Reported by Norman Virus Control as W32/Downloader. Creates the files sdfff, fdsf and zxczxc. In the C:WINDOWSSYSTEM32 directory creates the files d.exe, s.exe and r.exe. Note - the "private.exe" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	ControlServiceMgr	csmsv.exe	Added by the AGENT-XC TROJAN!
U	Cookie Cop 2	CookieCop.exe	Cookie Cop 2 from PC Magazine - cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
U	Cookie Pal	CPBRWTCH.EXE	Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
U	CookieJar	Cookiejar.exe	Cookie Jar cookie manager from Jason's Toolbox. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return. No longer being actively supported
U	CookiePatrol	CookiePatrol.exe	CookiePatrol - cookie interceptor stopping spyware cookies that used to be part of PestPatrol before CA's aquisition
U	CookieWall	cookie.exe	CookieWall from Analog X. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
U	Cool Desk	cdesk.exe	Cool Desk is a virtual desktops manager. "Ever you wished to have several screens on your computer? Cool Desk creates up to 9 virtual desktops and offers you to have different windows on each of them". Not required but may be of use to you
X	CoolDownloads	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
U	CoolMon	CoolMon.exe	"CoolMon monitors vital system stats and almost anything else you wish to display on the desktop"
X	CoolMP3	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
U	CoolSwitch	taskswitch.exe	ALT+TAB replacement Powertoy for Windows XP - enhances the graphics displayed when you want to switch between programs running full-screen
N	Coolwallpaper	cwm_tray.exe	Cool Wallpaper software allows you to manage high quality photos as desktop wallpaper and screen savers
X	coolwebprogram	clrssn.exe	CoolWebSearch Smartsearch parasite variant
N	Copernic Desktop Search	DesktopSearch.exe	Copernic Desktop Search - "Easily search your entire hard drive in less than a second to pinpoint the right file, e-mail, music or pictures"
U	Copernic Desktop Search 2	DesktopSearchService.exe	Copernic Desktop Search - search agent
U	CopernicPerUserTaskMgr	CopernicPerUserTaskMgr.exe	Automatic tasking feature of Copernic Pro multi-search engine tool
Y	Copperhead	razerhid.exe	Razer Copperhead mouse driver
U	Copy handler	Copy Handler.exe	Copy Handler lets you copy between hard disks, floppies, local networks, CDs, and many other storage media. Copy Handler gives you the power to pause, resume, restart, and cancel during the copying and moving processes
N	Copyright	mwcpyrt.exe	Displays copyright information on IBM ThinkPads
X	Core Process Aplication	ccapl.exe	Added by a variant of the RBOT WORM!
X	Core Process Aplication x16	ccapl16.exe	Added by a variant of the SLAPER TROJAN!
X	Core Process Aplication x32	ccapl32.exe	Detected by Kaspersky as the SRAMLER.E TROJAN! See here
U	CoreCenter	CoreCenter.exe	MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
U	CoreCenter	CORECE~1.EXE	MSI Core Center - motherboard utility for monitoring CPU speed, voltages, temperatures and fans speeds as well as overclocking
N	Corel Colleagues & Contacts Reminders	cffrem.exe	Corel Colleagues & Contracts - all-in-one organizer for scheduling meetings, maintaining addresses, etc. Part of the now defunct Corel Print Office
N	Corel Desktop Application Director	dadx.exe	The Desktop Application Director (DAD) gives you easy access to all Corel applications - x represents ther version number. Available via Start -> Programs
N	Corel Family & Friends reminders	CFFREM.EXE	Corel Family & Friends - all-in-one calender, address book and list manager. Part of the now defunct Corel Print House Magic
N	Corel Photo Downloader	MediaDetect.exe	Related to Corel Photo Album
N	Corel Registration	Remind32.exe	If you don't want to register Corel products and be reminded about it every 2 weeks disable it
N	Corel Registration Reminder	Remind32.exe	If you don't want to register Corel products and be reminded about it every 2 weeks disable it
N	Corel Reminder	NAVBROWSER.EXE	If you don't want to register Corel products and be reminded about it every 2 weeks disable it
N	Corel Reminder	NAVBrowser.exe	Registration reminder for CorelDRAW 10
N	CorelCENTRAL 10	I_26dadCC.exe	CorelCENTRAL 10 - personal information manager (PIM). Supplied as part of Corel WordPerfect Office 2002. Available via Start -> Programs
X	CorelDraw Toolbox	CorelDraw.exe	Added by the SDBOT-VZ WORM!
N	CorelMedia FoldersIndexer8	MFindexer.exe	Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
N	CorelMedia FoldersIndexer8	MFINDE~1.EXE	Part of CorelDraw bundles for indexing media files - similar to "fast find" in MS Office
X	CoreSrv	coresrv.exe	Some IRC trojans/worms use this - see here for more information
?	CORESYS	coresys.exe	??
X	Corporate Microsoft Update	uptask.exe	Added by the RBOT-GVB WORM!
N	CorrectConnect	CConnect.exe	Broadband ISP diagnostic tool - as used by NTL and Cox Communications. Shortcut available
X	cosine	cosine.exe	Added by the RBOT-SW WORM!
U	CostAware	niIPCApp.exe	NetInternals CostAware - download quota measuring tool
X	Counterstrike Service Agent	czrzns.exe	Added by the MEDBOT.AR WORM!
N	Country Select	pctptt.exe	Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
N	CountrySelection	pctptt.exe	Country selection for a PCtel HSP56 based modem. Often found in OEM (Dell,Compaq, HP, etc) systems for their modems included on the motherboard or as a separate card. Once you've set the modem up to the chosen country it's not required
?	Coupon Offers	??	??
X	couponica	couponica.exe	Adware - see here
?	CP	CopyProtectionNotifier.exe	Related to Emuzed Systems and Middleware. Comes included with Windows XP Media Edition
U	CP32NOT	CP32BTN.EXE	For the programmable "one-touch" buttons on HP laptops (and others?). Safe to disable if you don't use these buttons
U	CP4HPOT	OneTouch.EXE	One Touch keyboard driver. Required if you use the additional keys
N	CP888M1	CP888M1.EXE	Related to EZbutton quick launcher for the Media player app that comes with certain laptops
?	CPA9P2PSERVER	CPA9P2PS.exe	Found on a Compaq Presario but what is it?
X	cpanel	winlogin32.exe	Added by the RBOT-FOY WORM!
U	CPATR10	CPATR10.EXE	Dritek/Compal ATR10 Easy Button driver. Used on certain laptops (e.g. Toshiba, Compaq) to translate special hotkeys such as Play/Pause and Constrast
U	CPBrWtch	CPBrWtch.exe	Kookaburra Software's Cookie Pal cookie manager. Allows you to decide which internet sites can add "cookies" related to their sites for the next time you return
Y	CPD_EXE	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*
X	cpl	deamon.exe	Added by the TACTSLAY.C TROJAN!
X	cpl	msgaol.exe	Added by the TACTSLAY.C TROJAN!
X	cpl	s_menu.exe	Added by the TACTSLAY.C TROJAN!
X	cpl	browse.exe	Added by the TACTSLAY.C TROJAN!
X	cpl	msgaol.exe	Added by the TACTSLAY.C TROJAN!
N	CplBTQ00	CplBTQ00.EXE	Related to EZbutton quick launcher for the Media player app that comes with certain laptops
N	CPLDBL10	CPLDBL10.exe	Related to EZbutton quick launcher for the Media player app that comes with certain laptops
X	cpntmgc	wincomp.exe	Added by the WINTRIM_A TROJAN!
X	cpntmgc	simcss.exe	Added by the MAGICON.A TROJAN!
X	cpntmgc	navpmc.exe	Added by the SIMCSS TROJAN!
X	cpntmgc	winmgts.exe	Added by the WINTRIM-B TROJAN!
?	CPortPatch	cppatch.exe	CPortPatch is a utility is required for Dell laptops that are using a docking station. Is it needed though?
Y	CPQAcDc	CPQAcDc.exe	Compaq PowerCon power management software for laptops
U	CPQAlert	CPQAlert.exe	Compaq's Insight Manager Agent - a tool that allows for "fault, performance, and configuration management". Recommended for corporate users only. It's best removed if installed but not wanted, rather than disabled at startup. See here for more information
N	CPQBootPerfDB	CPQBootPerfDB.EXE	See the entry for Compaq Message Server
Y	CPQCalib	CPQCalib.exe	Compaq PowerCon power management software for laptops
N	CPQDFWAG	CpqDfwAg.exe	For Compaq PC's. Runs Compaq diagnostics on every boot
U	CPQEASYACC	cpqeadm.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
U	CPQEASYACC	StartEAK.exe	Easy Access Button Support for Compaq PCs. Allows the use of programmable keys on multimedia keyboards. Required if you use the additional keys
U	CPQEASYACC	STARTDRV.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
U	cpqeaui	cpqeaui.exe	For Compaq PC's. Allows the use of programmable keys on mulimedia keyboards. Required if you use the additional keys
U	cpqek	kcpqek.exe	For Compaq PC's. Easy Access button support for the keyboard
U	CPQInet Runtime Service	CpqInet.exe	For Compaq PC's. Allows AOL and Compuserve to use the Easy Access buttons for the internet. Is not required if you don't use the ISP providers
N	CPQINKAGENT	cpqinkag.exe	That is the Compaq Ink Agent for some inkjet printers, it lets users know when their ink cartridges are getting close to empty (by how many pages they have printed)
U	cpqns	cpqnpcss.exe	Related to Compaq.Net - not required if you don't use that
N	Cpqset	Cpqset.exe	Default settings software in Hewlett Packard notebook
Y	CPQSTUTFIX	stutfix.exe	For Compaq PC's. Fixes audio stutter problems for ESS Maestro soundcards. You can download it here. This is a Compaq originated file and has been verified as free from viruses by McAfree/Norton
U	CPQTEAM	cpqteam.exe	This program is bundled with HP servers. When loaded a system tray icon will be available that launches the HP Network Configuration Tool
X	cpr	cpr	Adroar.com adware downloader
X	cprocsvc	cproc.exe	Added by MSIL.AGENT.C TROJAN!
X	CPU Manager	cpumgr.exe	Added by the PANDEM.B WORM!
X	CPU Temp Control	wuitgurd.exe	Added by the RBOT-AHV WORM!
X	CPU Watcher	rundll32.exe cpu.dll, load	Added by the DLOADER-LO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "cpu.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	CPU Windows Status	cpustats.exe	Added by a variant of the RBOT WORM!
U	CPUcool	Cpucool.exe	Program to keep the processor cool when idle in "overclocked" systems. Also available via Start -> Settings -> Control Panel
N	CPUMon	CPUMon.exe	"CPUMon continuously displays the updated system statistics in a floating window as well as in system tray area"
X	Cpusave	Cpusave.exe	Added by the GEMA TROJAN!
X	Cpusave32	Cpusave32.exe	Added by the GEMA TROJAN!
X	CPVHOST Settings	cpvhost.exe	Added by a variant of the SDBOT TROJAN!
X	cpyt	hidep.exe	Added by the MIRJACK-A TROJAN!
X	cqlyg	world_cup_.bat	Added by the WCUP.A WORM!
?	CQSCP2P SERVER	??	"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed
?	CQSCP2PS	??	"Compaq printer utility which is required in the startup menu in order to make the printer work correctly". Personally I doubt whether it is actually needed
X	Cr*.exe [ = random char]	Cr*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Cr*.exe [ = random char]	Cr*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Cr*32.exe [ = random char]	Cr*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
U	cracked_windows1	cracked_windows1.exe	Cracked Windows popup killer
N	CrazyTalk Serve	rundll32.exe CrazyTalk.dll, DIIServeMediaFile	CrazyTalk from Reallusion - "the worlds only facial animation tool that gives you the power to create talking animated images from a single photograph, complete with emotions." Can apparently be installed without your knowledge as well as being a legitimate download in it's own right from sites such as TUCOWS
U	CRBroadCasting	CRBroadCasting.exe	CardReader2 from On Track Inovations Ltd. USB Card Reader
X	CRC Value Verifier	crsss32.exe	Added by a variant of the RBOT WORM!
X	CRC Value Verifier	Crsss64.exe	Added by the RBOT-NY WORM!
X	CRC Value Verifier	svchost32.exe	Added by the RBOT-OA WORM!
X	CRC Value Verifier	crsss.exe	Added by the SPYBOT.UK WORM!
X	Crc32stats Dependencies	Crc32stats.exe	Added by the MYTOB.GT WORM!
X	CRCSS	crcss.exe	Added by the IRCBOT-TH WORM!
U	Creata Mail	JMSrvr.exe	Creata_Mail. Smileys, stationary and more for you email. Required if you want to access the program from Outlook or Outlook Express
X	Create A Monster	createAMonster.exe	Kudd.com CreateAMonster. Reportedly stealth installed and Look2Me adware related
N	CreateCD	Createcd.exe	Adaptec Easy CD Creator system tray application (pre version 5). Available via Start -> Programs
N	CreateCD50	Createcd50.exe	Adaptec Easy CD Creator version 5 system tray application. Available via Start -> Programs
X	Creates stractures for system management	stacture.exe	Added by the SDBOT-DHS WORM!
N	Creative AGP Wizard	agpwiz.exe	Part of Creative's BlasterControl
X	Creative Audio Drivers	creative.exe	Added by the RBOT-FKR WORM!
N	Creative Detector	CTDetect.exe	Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
N	Creative Launcher	CTLauncher.exe	For Creative Soundblaster Live! series soundcards. Adds a quick-launch bar to the top of the display and a System Tray icon. Available via Start -> Programs
U	Creative Live! Cam Manager	CTLCMgr.exe	Creative Live! Cam Manager
N	Creative MediaSource Go	CTCMSGo.exe	"Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
N	Creative MediaSource Go	CTCMSGoU.exe	Creative MediaSource playbacks music in DVD-Audio, MP3, WMA, WAV and other media formats"
N	Creative PCI Audio Configuration Utility	starter.exe	System Tray icon to configure a Creative Soundblaster PCI soundcard. Not required and re-instates itself when un-checked. Try one of the solutions on this special page. Similar to EnsoniqMixer
N	Creative Service for CDROM Access	Ctsvccda.exe	Resident program for Creative's PlayCenter included with Soundblaster Audigy sound cards - speeds up detection of some media CDs if the system doesn't natively support them. Available via Start -> Programs
N	Creative Software Update	AutoUpdate.exe	Auto-updater for Creative Labs software
N	Creative WebCam Tray	Camtray.exe	Creative WebCam tray control - can be started manually
X	Creative.exe	Creative.exe	Added by the PROLIN WORM!
N	CreativeDiscNotifier	CTNOTIFY.EXE	For Creative Soundblaster Live! series soundcards. Detects when you insert a CD-ROM, DVD-ROM, etc. Available via Start -> Settings -> Control Panel
U	CreativeMixer	CTMIX32.EXE	Creative soundcard System Tray access to, for example, volume slider controls as normally provided by the "speaker" icon. Not required unless you adjust any settings otherwise available via the standard icon
?	CreativeTaskScheduler	CTSched.exe	Creative Task Scheduler. What does it do and is it required?
X	Critical Error Safe32	GetWaylayer32.exe	Added by the RBOT.IAL WORM!
X	Critical Update Check	battlenet.exe	Added by the DELF-LB TROJAN!
N	CriticalUpdate	Wucrtupd.exe	MS Windows Critical Update Notification. If you want to keep Windows up-to-date, check the Windows Update site
X	CriticalUpdate	wucrtupd.exe	Added by the NOALA.B WORM! Note - this file is located in the Windows or Winnt folder, and must not be confused with the legitimate Windows process of the same name as described here
X	crmssrlt	[random filename]	Added by a variant of the SLAPER TROJAN!
X	Crnsava	scrnsave.pif	Added by the SDBOT-ZV WORM!
X	cronos	MARCO!.SCR	Added by the OPASERV.G WORM!
X	CrossMenu	CrossMenu	Toshiba CrossMenu Utility - allows the user to create their own menus
X	CRP386 Networking	crp386.exe	Added by the IRCBOT.N TROJAN!
X	crs	crs.exe	Added by the AGOBOT-TJ WORM!
X	CRSSXP SysInfo	crssxp.exe	Added by a variant of the SDBOT TROJAN!
X	Crusty	dmcpl.exe	Added by the RUSTY WORM!
X	cryptdlg	cryptdlg.exe	Added by an unidentified TROJAN!
U	cryptoexpert	cexpert.exe	CryptoExpert from SecureAction Research. Advanced on the fly encryption system
X	Cryptographic Service	*****.exe [ = random char]	Added by the KORGO.W or KORGO.X or KORGO.AB WORMS!
?	Crystal 3D Audio Control	CWD3DSND.EXE	Crystal 3D Audio sound driver. Is it required?
X	CS Update	copy /Y [path] ActivationManager.dll.upd [path] ActivationManager.dll	Added by an unidentified malware
N	csaRem	spqmdmui.exe	Compaq modem country selection
Y	CSAV_CheckViruses	vchk.exe	Command Antivirus related
U	csc	csc.exe	Command line compiler for Microsoft C# it gets installed with the .NET SDK
X	CSCRS Value	cscrs.exe	Added by the RBOT-AAA WORM!
X	CSCRS Value Check	MsPMSPSd.exe	Added by a variant of the SDBOT WORM!
U	CSINJECT.EXE	CSINJECT.EXE	Part of Quarterdeck/Norton CleanSweep. "Csinject must be loaded in order for Smart Sweep to automatically monitor installations and properly track registry changes"
X	csm Win Updates	csm.exe	Added by the ZOTOB.B WORM!
X	CSNetManagerXp	isass.exe	Added by the HIDER-O TROJAN!
X	csoftok	softok.exe	Added by the QQPASS.G TROJAN!
X	csos	csos.exe	Added by the SDBOT-DFE WORM!
X	csrs	csrs.exe	Added by the GAOBOT.GEN!POLY WORM!
X	csrsc	csrsc.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	CSRSS	CSRSS.EXE	Search page hijacker, redirecting to http://www.search-aide.com/. Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	Csrss	csrss.exe	Added by the CHOD WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup and the executeable resides in a random folder name
X	csrss	csrss.exe	Added by the KEYLOG-AQ KEYLOGGER! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	csrss	csrss.exe	Added by the CHODE-J WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a random subfolder
X	csrss	msmsgs.exe	Added by the CHODE-J WORM!
X	csrss	nwiz.exe	Added by the CHODE-J WORM!
U	csrss	csrss.exe	BeyondKeylog surveillance software. Uninstall this software unless you put it there yourself. Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Program Files/Supremtec folder
X	Csrss	CSRSS.EXE	Added by the PUNYA-B WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	csrss	ssms.exe	Added by an unidentified malware
X	CSRSS Loader	csrsss.exe	Added by the AGOBOT.TX WORM!
X	csrss.exe	csrss.exe	Added by the DALBUG WORM! Note - this is not the legitimate csrss.exe process which is always located in the WinntSystem32 or WindowsSystem32 folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	csrssLevel4	csrss.exe	Unidentified malware. Note - this file is placed in a C:WindowsSystemLevel4 folder, and should NOT be confused with the legitimate csrss.exe process which is always located in the WinntSystem32 or WindowsSystem32 folder and should NOT figure in Msconfig/Startup!
X	CSRSSU	CSRSSU.exe	CoolWebSearch parasite variant - hijacking to Slawsearch.com. Also detected as the CWS-E TROJAN!
X	CSRSSW	CSRSSW.EXE	Added by the CWS-F TROJAN!
X	CSRSWIN	[trojan filename]	Added by the WINSHELL.50 TROJAN!
X	CSRSX	[trojan filename]	Added by the WINSHELL.50.B TROJAN!
X	csrvss	csrvss.exe	Added by a variant of the SDBOT TROJAN!
U	CSS Server	CSSServer.exe	ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself
U	cssauth	cssauth.exe	Related to IBM ThinkVantage Client Security Solution
?	cssauthe	cssauthe.exe	Part of the Client Security Solution on an IBM ThinkVantage (now Lenovo) PC - "a suite of ThinkVantage Technology tools designed to help protect access to your computer operating system and your sensitive data. The Client Security Solution integrates the hardware protection of its embedded chip with the protection afforded by its secure software." What does this do and is it required?"
Y	CSScheduleCheck	SCHWIZEX.EXE	Part of ConfigSafe - lets you identify changes to the registry, INI files, System asset files, system hardware, network connections, and operating system versions - provides a restore function. This part takes a snapshot of your system following a healthy re-boot
X	cssrs	cssrs.exe	Added by the BANCBAN-DW TROJAN!
X	csss	Csss.exe	Added by the BALICK TROJAN!
U	CSS_Central	CSS_1631.EXE	CSS Communication Agent (95 Host) from Command Software Systems (now Authentium). "CSS Central? provides administrators with a powerfully proactive tool to effectively manage and maintain the anti-virus strategy from a centralized console"
X	CSV10P1	CSP001.exe	ClearSearch adware
X	CSV10P70	CSv10P070.exe	ClearSearch adware
X	CSV7P26	CSV7P26.exe	ClearSearch adware
X	CSV7P70	CSV7P070.exe	ClearSearch adware
X	CSV7P91	CSV7P91.exe	ClearSearch adware
U	csvdea	csvdea.exe	SpyArsenalLog surveillance software. Uninstall this software unless you put it there yourself
X	csvhost.exe	csvhost.exe	Added by the CIMUZ-BD TROJAN!
Y	ct	ct.exe	ct.exe is a file is for the HP Learning Adventure software and if you use this software it is required to run it
X	CT Control Settings	CTSVCCD.EXE	Added by the RBOT-YS WORM!
U	CTAPR2	CTAPR2.exe	Console Launcher for the Creative Sound Blaster X-Fi series
N	CTAVTray	CTAvTray.exe	For Creative Soundblaster Live! series soundcards. Plays the EAX animation on start-up and adds a System Tray icon for it. Available via AudioHQ
U	CTCMonitor	CTCMonitor.exe	Click-to-Convert - document-to-HTML or doc-to-PDF converter. Only required if you are going to use the File -> Print method of using Click-to-Convert. If converting directly from MS Office, it is not required
X	CTDrive	rundll32.exe drvmod.dll	Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	CTDVDDet	CTDVDDet.exe	Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
N	CTDVDDet	CTDetect.exe	Auto-detect and play a DVD when using a Creative Soundblaster Audigy2 soundcard. Uses about 2.2 MB of memory. Disable it by heading to the MediaSource DVD Audio Player, selecting Tools, then uncheck the Auto Start box. It should not start up automatically again
X	ctf.exe	ctf.exe	Added by a variant of the BIFROSE TROJAN!
X	ctflog manager	ctflog.exe	Added by the DONBOMB.A TROJAN!
X	CTFM0N.exe	CTFM0N.exe	Added by the STARTPAGE.P TROJAN!
U	ctfmon	ctfmon.exe	CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example
X	ctfmon	taskmgr32.exe [ = number]	Added by the SOWSAT.B WORM!
X	ctfmon	cftmon.exe	Added by the DELIVE-A TROJAN! Note - this file is found in C:Windows or C:Winnt and is not the valid MS Office file of the same name (see here)
X	ctfmon	mIRC.dll	Added by the DELBOT-E TROJAN!
X	ctfmon	WinConst.exe	Added by the ASSASIN-G TROJAN!
U	CTFMon	ctfmon.exe	Family Keylogger is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself! Found in the SystemCTF (9x/Me) or System32CTF (NT/2K/XP) folder
X	ctfmon	msnmsgr.exe	Added by the JV TROJAN!
X	Ctfmon.exe	ctfmon32.exe	CoolWebSearch Ctfmon32 parasite variant
X	ctfmon.exe	ctfmon.exe	Added by the RAIDYS TROJAN! Note - this should not be confused with the valid Office XP file, see here
X	ctfmon.exe	msupdate32.exe	Spy Sheriff/SpywareNO malware, also detected as the SPYHOAX-A TROJAN, pretends to be a spyware remover! - file names spotted sofar include VXH8JKDQ2.EXE, NS6281400.so, CVXH8JKDQ2.EXE, down3.exe, sefe.exe, winstall.exe, and tool2.exe
U	ctfmon.exe	ctfmon.exe	CTFMon is involved with the language/alternative input services in Office XP. Ctfmon.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don't need these features. For more info on ctfmon see here. Ctfmon can be disabled from Control Panel, Text & Speech Services. Note - the file will always be located in the System32 folder, if it is located elsewhere it will likely be a worm or trojan! Can cause problems with some other programs if left enabled - see here for such an example
X	ctfmon.exe	ctfmon.exe eminem.exe	Added by the BHARAT.A WORM!
X	CTFMON32	CTFMON32.EXE	CoolWebSearch Ctfmon32 parasite variant - also detected as the CWS-E TROJAN!
X	ctfmon32	[random filename].exe	Added by the RBOT-GSN WORM!
X	ctfmona	ctfmona.exe	AntiVirusPro misleading security software - not recommended, see here
X	CTFMONSS	CTFMONSS.EXE	Added by the CWS-F TROJAN!
X	ctfnom	rundIl32.exe	Added by the LEGMIR-AW TROJAN!
X	ctfnom.exe	SVOHOST.exe	Added by the DIGIDOR-A TROJAN!
X	ctfnom.exe	OSRSS.exe	Added by the DLOADER-UQ TROJAN!
U	CTHELPER	CTHELPER.EXE	CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative's sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a "leave alone" background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so it's best left disabled unless you need it
X	CTHelper	cthelper.exe	Added by the RBOT-XB WORM! Note - do not confuse with the Creative application of the same name described here
X	CTime	[path to trojan]	Added by the HTTPDOS TROJAN!
X	CTin10	CTin10.exe	Added by the BANCOS.E TROJAN!
X	CtModule	CtModule.exe	Added by the CLICKER-EG TROJAN!
U	CTNMRUN	ctnmrun.exe	Detects the Creative NOMAD jukebox/MP3 player at the time it is attached to USB and starts the needed application (Creative PlayCentre 2) that you use to copy MP3 files to and from it. This is required if you want PlayCentre 2 to take control of the NOMAD once connected
?	CTPDPSRV	CTPDPSRV.EXE	Printer driver (in the WINDOWSSystem32spoolDRIVERSW32X86 folder). Is it required?
N	CTPerformanceUtility	CTPowUti.exe	Related to Creative PowerSysTrayApp. This program is a non-essential process, but should not be terminated unless suspected to be causing problems
X	ctpmon	ctpmon.exe	System Registry Cleaner - stealth installed foistware from sysregistry.com
N	CTRegRun	CTRegRun.exe	For Creative Soundblaster Live! series soundcards. Reminds you to register your card with Creative
U	CtrlVol	CtrlVol.exe	Volume control key on Acer, Fujitsu and other laptops
?	CTSched	CTSched.exe	Creative Task Scheduler. What does it do and is it required?
N	CTStartup	CTEaxSpl.exe	Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
U	CTSVolFE	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy
U	CTSVolFE.exe	CTSVolFE.exe	Creative Labs Mixer applet for the Sound Blaster Audigy
N	CTSyncU.exe	CTSyncU.exe	Creative Sync Manager - synchronizes music tracks on your computer with your player
U	CTsysVol	CTSYSVOL.exe	Creative sound card volume controls
?	cttdpsrv	cttdpsrv.exe	??
X	CTUpdate	ctupdclt.exe	Added by the RBOT-ABG WORM!
N	CTxfiHlp	CTXFIHLP.EXE	Added by the installation of a Creative Labs X-Fi sound card. This particular process provides the help functionality for your card
N	CTXFIREG	CTxfiReg.exe	Creative Labs sound card driver related. It appears that it isn't required and maybe registration related
X	Ctykd	[path to file]	SMALL.SN spyware
N	CTZDetec.exe	CTZDetec.exe	Auto-detect feature of Creative Media Lite which assists you in managing your music, ripping CDs and transferring other stored music to your Zen Stone MP3 player
X	CU1	VCClient.exe	Associated with the Surf Sidekick adware and should be removed
X	CU2	VCMain.exe	Associated with the Surf Sidekick adware and should be removed
Y	cuagentExe	Cuagent.exe	Command Antivirus related
X	CueX44	Dago.exe	Added by the PUNYA-B WORM!
X	CueX44_stil_here	WINLOGON.EXE	Added by the PUNYA-A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	cuo	cuo.exe	Added by the BUGBEAR.A WORM!
X	Current Security Config	csecure.exe	Added by the RBOT-AMO WORM!
N	cursor	Screendragon_ VS_Taskbar.exe	ScreenDragon video player
N	CursorXP	CursorXP.exe	CursorXP from Stardock - tool for creating mouse cursors
U	Customizer2000	logon.exe	Automatic logon feature of Customizer 2000 - "a special utility which is designed to optimize Win9x/ME performance. The program lets you explore the many hidden settings in Windows, and make changes"
N	CuteMX	CuteMX.EXE	File sharing utility
X	Cvfjx	ANACON.EXE	Added by the NACO.A WORM!
X	cvmonitor.exe	cvmonitor.exe	Added by the SDBOT.BV WORM!
X	cvmsyslpd	sdservss.exe	Added by the MAILBOT-BY TROJAN!
Y	CVPND	cvpnd.exe	Sub-system used by Cisco VPN client for making a connection to a remote IPSec server
U	CW	cw4.exe	Chat Watch "is a monitoring and logging software for online chat and instant messaging programs"
U	CWatch	cw.exe	ChatWatch - chat monitoring tool
N	cwbckver	cwbckver.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Checks the software version on your PC to that of the iSeries it is connected to. Not required - and can be turned off in the Client Access properties. It's a waste of resources
N	cwbinhlp	cwbinhlp.exe	Client Access Help Registry Update Function - part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. It only updates the help files on your PC to match the level of the attached iSeries
N	cwbsvstr	cwbsvstr.exe	Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. Useful if you are going to access the iSeries through Windows Explorer to move files back and forth between Windows folders and iSeries folders. This is a tool that is only used by Client Access administrators (usually) so it is not required - a waste of resources
?	cwbwlwiz	cwbwlwiz.exe	Welcome wizard launcher - Part of IBM's iSeries (nee As/400) Client Access - communications suite that allows desktop, browser and wireless access to iSeries servers. What does it do and is it required?
?	Cwcdschk.exe	Cwcdschk.exe	IBM Thinkpad related?
U	cwcptray	cwcptray.exe	Related to ContentWatch Parental Control internet filter
X	cwingllib	atllsimm.exe	Added by a variant of the SDBOT WORM!
U	cwupdate	cwupdate.exe	ContentProtect from ContentWatch - internet filter
N	CXMon	Hpi_Monitor.exe	Autodetects when a HP camera is attached to the computer and launches the "HP Photoimaging Software". Available via Start -> Programs
N	Cyber	cyberchk.exe	Part of Belkins "Multimedia Cleaning Kit" and is automatically installed when you run their optical disk drive cleaning utility - to remind you to clean your drive after "x" amount of time has passed
U	Cyber Trio	showmode.exe	From G-Tek Technologies. Allows you to set the PC in one of three modes, Standard, Enhanced and Kiddo. Standard is full function, Enhanced prevents accidental damage and Kiddo is a play environment for kids. Pre-installed on some Packard Bell PCs
U	Cyber-Defender 2003	uwcdsvr.exe	Cyber Defender 2003
X	cyberfree.exe	***.dat [ = random char]	Unidentified adware
U	Cyberhawk	CHTray.exe	Cyberhawk from Novatix. Protects against viruses, spyware, identity theft
U	CyberLat Ram Cleaner	CLRamCleaner.exe	CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	CyberLat Ram Cleaner	CyberLat Ram Cleaner 1.1.exe	CyberLat RAM Cleaner - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
N	CyberMedia Agent	CMAGENT.EXE	Part of CyberMedia's Oil Change program. Not normally required. Note - if you have TextBridge, CyberMedia Agent may attach itself to TextBridge and cause TextBridge to crash everything if this is disabled
U	CyberPatrolNew	cphq.exe	"CyberPatrol is one of the most powerful and popular client-based, browser independent, Internet safety software solutions for Windows-based standalone PCs available today"
X	CyberWolf	CyberWolf.exe	Added by the KICKIN.A (or CYDOG.C) WORM!
X	CyDoor	CD_Load.exe	Adware. Check here for information about Cy-Door and here for a program that can remove it
X	CydoorUpdate	CD_Load.exe	Adware. Check here for information about Cy-Door and here for a program that can remove it
?	CYNHKey	CYNHKey.exe	??
N	CyphTray	CyphTray.exe	Cypherus - encryption software
U	CypressLinkMon	CypressLinkMon.exe	Related to CypressViewer from Siemens that "allows ACUSON Cypress cardiovascular system PLUS users to store, view, and analyze Cypress system PLUS studies on a standard Windows PC"
X	D SYSTEM	dd.exe	Added by the MYTOB-FN WORM!
Y	D-Link Air USB Utility	AirCFG.exe	D-Link wireless PCI adapter related
Y	D-Link Air Utility	AirCFG.exe	D-Link wireless PCI adapter related
N	D-Link AirPlus DWL-650+ Utility	WLANMON.exe	D-Link Air Plus Wireless PC modem connection monitor
Y	D-Link AirPlus G	AirGCFG.exe	D-Link Airplus Wireless Router driver
Y	D-Link AirPlus G Wireless Utility	AirPlus.exe	D-Link AirPlus G wireless configuration and monitoring utility
U	D-Link AirPlus XtremeG	AirPlusCFG.exe	D-Link AirPlus XtremeG wireless configuration utility
N	D066UUtility	D066UUTY.EXE	TWAIN driver for the CanoScan D660U flatbed scanner. Start scanning via your scanner management software
X	D3*.exe [ = random char]	D3*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	D3*32.exe [ = random char]	D3*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	d3dupdate.exe	bbeagle.exe	Added by the BEAGLE.A WORM!
U	D4	D4.exe	Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
X	dabrun	rundll32.exe dabapi.dll, Rundll32	SinaUpdateCenter adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "dabapi.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	DACONFIGEXE	daconfig.exe	3Com NIC Diagnostics. Available via Start -> Programs
Y	DadApp	dadapp.exe	"DadApp is the SW utility that controls the programmable buttons on Dell Laptops. Not required, but should be left in because it can create a hassle and doesn't always restore functionality to those buttons once unchecked and rechecked" - direct from Dell
N	Daemon	DAEMON32.EXE	Pre-loads game profiles for MS Sidewinder game controllers prior to release 2.0 of the software. Recommend upgrade. Available via Start -> Programs
U	Daemon	Daemon.exe	Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
X	Daemon	daemon.exe c daemon2.exe	Added by the SELOTIMA.A WORM!
U	DAEMON Tools	daemon.exe	Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
U	DAEMON Tools Pro Agent	DTProAgent.exe	"DAEMON Tools Pro converts your computer games CD/DVD discs into "virtual discs" or so called ?disc image? files, which run directly on your hard drive"
U	DAEMON Tools-1033	Daemon.exe	Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
X	dago	fault.exe	Added by the PUNYA-A WORM!
N	Daily Planner	dayplan.exe	Daily Planner - discontinued, and now part of KMCS Deluxe System Suite. Tool to plan your days, and check activities off as you complete them
X	Daily Weather Forecast	weather.exe	Added by the DLOADER-IP TROJAN!
X	DamedWare Services	dwdrce.exe	Added by the RBOT-AOJ WORM!
X	DanBtR270414	DanBtR270414.exe	Added by the VB-NIB WORM!
U	Dancer	DncLE.exe	Part of Microsoft Plus! Digital Media Edition - see here
X	Danton*	[random filename]	Added by the DANTON TROJAN! where * = random number
N	Dap	DAP.exe	Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
X	dark	imgst.scr	Added by the BANCOS.U TROJAN!
X	dark	imgrt.scr	Added by the BANCBAN-FH TROJAN!
X	dark	csrs.scr	Added by the BANCBAN-GT or BANCBAN-GU TROJANS!
X	DarkDevil.Grasiele.BR	Grasiele.VBS	Added by the LEMBRA WORM!
X	DarKNesS LsasS	LsasS23.exe	Added by an unidentified WORM or TROJAN!
?	DashIE	N/A	Could be related to "Dash Power Shopping" tool bar in IE?
X	daskaskfsak6	dsfids6.exe	Added by the ONLINEG-J TROJAN!
X	daskgfkkcx15	dasdsaads15.exe	Added by the ONLINEG-Q TROJAN!
X	dasxdads	fsdqd.exe	Added by the GAOBOT.BIQ WORM!
X	Data	System.dat.vbs	Added by the BISCUIT.A WORM!
X	data	msngs.exe	Added by the RBOT-ADQ WORM!
N	Data LifeGuard	BACKWE~1.EXE	Data LifeGuard diagnostic tools for Western Digital's series of hard drives
N	Data LifeGuard LifeLine Lite installer	DLGLI.EXE	Backweb installer - see here
X	Data Restore Service	prq8.exe	Added by the KELVIR.AI WORM!
X	Data789	Regedit.exe ....data789.tmp	Homepage hijacker
X	DATABASE MySql	[path] repcale.exe [path] beird.exe	Added by a variant of the RANDON.AN WORM!
N	DataCaching	FlashKsk.exe	SmartMedia Card management from the installation of a SanDisk reader for a camera's SmartMedia card and also adds the "Unplug and Eject Hardware" System Tray icon
U	DataKeeper	DataKeeper.exe	PowerQuest DataKeeper (now owned by Symantec) backup software
U	DataLayer	DataLayer.exe	Nokia PC Suite 5 - "A collection of powerful tools that you can use to manage your phone features and data." Synchronize the phone with, for example Outlook. You can also use it to browse your phone, edit the phone list and so on
N	DataViz Inc Messenger	DvzIncMsgr.exe	Installed with DataViz "Documents to Go" software
N	DataViz Messenger	DvzMsgr.exe	DataViz Documents to Go - "allows you to use your Word, Excel and PowerPoint files on your handheld anywhere, anytime. In addition, it now synchronizes e-mail with attachments, PDF files, pictures and Excel-like charts"
X	Datcheck	datcheck.exe	Added by the KEYPANIC TROJAN!
X	Date Manager	datemanager.exe	Date Manager - calender program. Spyware/adware based provided by The Gator Corporation. Please note that Claria Corporation no longer support GAIN-Supported software - see here
?	Datechecker	N/A	Could be related to this?
X	DateMakerIntl	DateMakerIntl.exe	Premium rate adult content dialler
X	DAupdate	DAupdate.exe	NavEnhance adware
?	DAW9532.exe	DAW9532.EXE	Loaded during installation of some 3Com network cards. Enables their DynamicAccess desktop management software. Is it required?
U	DayToday	DAYTODAY.EXE	DayToday from RoboMagic Software Corp. Displays the date on the taskbar
U	DAZEL Delivery Agent	DcDaemon.exe	Control and send documents, etc, to any destination. The Dazel Corporation has now been taken over by HP
X	dbar_starter	starter.exe	Deskbar adware - adds a search bar to your Windows taskbar which performs searches on www.w-w-w-dot-com.com
X	DbgHlp32	DbgHlp32.exe	Added by the WINKO.AO WORM!
U	DBISQL9	dbisqlg.exe	Related to SQL Anywhere from Sybase. A comprehensive package providing data management and data exchange technologies
N	dbserv	dbserv.exe	Database Server for Norton Ghost on Win2k Pro. Ghost works fine when it is disabled
X	dc	dc.exe	Added by the COIDUNG-A WORM!
X	dc2k5	SVIQ.EXE	Added by the COIDUNG-A WORM!
U	DC300 Monitor	cmonitor.exe	Monitor for a Acer DC300 digital camera
X	DC6CW	DC6CW.EXE	DriveCleaner misleading security program - not recommended, see here
X	DC6_Check	uwasdc.exe	WinAntiSpyware 2006 spyware remover - not recommended, see here
X	DC6_check	dc6_startupmon.exe	WinAntiVirus 2006 misleading virus software - not recommended, see here
X	dc6_check	dcmon.exe	SystemDoctor misleading security software - not recommended, see here
X	DCE Manager	dcemgr.exe	Added by the TUMAG TROJAN!
U	DCfssvc	dcfssvc.exe	Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
U	dcfssve	dcfssvc.exe	Associated with digital cameras and can cause problems which disappear if disabled. If this program is unchecked in startup, your camera will not cause your computer to open a pop-up window when you connect it. Leave enabled if you can't load pictures from your camera/dock - Kodak's dock is an example
X	Dcom System Patch	Microsoft.exe	Added by the RANDEX.MS WORM!
N	dcsm	dcsm.exe	DriveCleaner is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
N	DDCActiveMenu	DDCActiveMenu.exe	Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
N	DDCM	DDCMan.exe	Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
N	DDCMan	DDCMan.exe	Digital Distribution Channel - formally part of the WildTangent on-line games delivery service. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
X	ddeproc	ddeproc.exe	Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here
U	ddhelper	W815DM.EXE	Enuff Parental Control Software by Akrontech
X	DDialler	DDialler.exe	Adult content dialler
X	ddivmwa	[random filename]	Added by a variant of the SLAPER TROJAN!
U	ddoctorv2	sprtcmd.exe /P ddoctorv2	Comcast Desktop Doctor (provided by SupportSoft, Inc) is a free self-help tool for Comcast broadband users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service
X	DDriver	windrv.exe	Added by the DELF.WG TROJAN!
X	DDriver	svchost.exe	Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
?	DDT	N/A	??
U	DDWMon	ddwmon.exe	Direct Disc Writer Event Monitor from TOSHIBA
X	de32gen	de32gen.exe	Added by a variant of the CRYPTER.C TROJAN!
N	DeadAIM	rundll32.exe DeadAIM.ocm, ExportedCheckODLs	DeadAIM - feature enhancing product for AOL's Instant Messenger program
X	DeadKitty	DeadKitty.exe	Added by the DEADCAT-A WORM!
X	DealHelperBrwsr	dhbrwsr.exe	DealHelper adware
X	DealHelperDown	download.exe	DealHelper adware
X	DealHelperUpdate	DHUpdt.exe	DealHelper adware
X	Death.exe	Death.exe	Added by the DELF-ERW TROJAN!
X	Debug	DebugW32.exe	Added by the GUBED TROJAN!
X	Debugger	dbg32.exe	Added by the MYTOB-FW WORM!
X	Debugger	explorer32dbg.exe	Added by the CWS-M TROJAN!
X	Debugger	iexplore_dbg.exe	Added by the CWS-M TROJAN!
X	debugger	help.pif	Added by the DELF-DRA WORM!
X	DebugMonitor	debugmonitor.exe	Added by the MYDOOM.BG WORM!
U	DeeEnEs	DeeEnEs.exe	DeeEnEs - automatically updates a dynamic IP address when it changes
X	deejay	forboo.exe	Added by the FORBOT-AY WORM!
X	Deewoo	ncntnkwd.exe	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware
X	Default	explore.vbs	Added by the ALLEM WORM!
X	Default	mtask.vbe	Added by the ALLEM WORM!
X	default	shell32.exe	Added by the BINGHE TROJAN!
X	Default	_default.pif	Added by the RUBBLE-C WORM!
X	Default System Research	vhchost.exe	Added by the TARNO.I TROJAN!
X	Default web browser	IexpIore.exe	Added by the OBLIVION.B TROJAN! Note - do not confuse "IexpIore.exe" with "iexplore.exe" (Internet Explorer), the first has a captial "i" in place of lower case "L"
X	Default_Page_URL	http://find.naupoint.com	Naupoint browser hijacker
X	Default_Search_URL	http://find.naupoint.com	Naupoint browser hijacker
X	defender	defender25.exe	DollarRevenue adware
X	defender	dfndref_7.exe	DollarRevenue adware
?	defergui	defergui.exe	Related to IBM Standard Software Installer. What does it do and is it required?
X	defragm_check	defragment.exe	CoolWebSearch parasite variant
X	defragsys	svchost.exe	Added by the BIFROSE-TH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
U	defwatch	defwatch.exe	Detects out-of-date virus definitions for Norton Anti-Virus Corporate Edition and runs the Defwatch Wizard. Only required if you don't update the virus definitions manually on a regular basis
U	Deko550	Deko550.exe	Associated with the Deko550 entry-level SD real-time graphics system from Avid Technology
U	Delay	delayrun.exe	On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
U	Delayrun	delayrun.exe	On HP PCs this program is used to help prevent conflicts or timing issues on fast computers
?	delcab	deltreew.exe C:cabs	??
X	Delete Me	worm.exe	Added by the DOOMHUNTER WORM!
U	DeleteHistoryFree	dhf.exe	Delete History Free - "Privacy protection software for deleting Internet surfing and other computer activity tracks from your PC"
N	Dell AIO Printer A***	dlbabmgr.exe	Dell AIO Printer A* related (* = model). Not Required at Startup
N	Dell AIO Printer A***	dlbfbmgr.exe	Dell AIO Printer A* related (* = model). Not Required at Startup
N	Dell AIO Printer A***	dlbkbmgr.exe	Dell AIO Printer A* related (* = model). Not Required at Startup
U	Dell AIO Printer A920	dlbkbmgr.exe	System Tray application for the Dell Photo AIO Printer 920 that enables scan or fax functions to run directly from the printer via the buttons
U	Dell AIO Printer A940	dlbabmgr.exe	System Tray application for the Dell Photo AIO Printer 940 that enables scan or fax functions to run directly from the printer via the buttons
U	Dell AIO Printer A960	dlbfbmgr.exe	System Tray application for the Dell Photo AIO Printer 960 that enables scan or fax functions to run directly from the printer via the buttons
N	Dell Alert	DAMon.exe	"Dell Alert" utility, that's supposed to make interaction with Support easier
U	Dell Photo AIO Printer 922	dlbtbmgr.exe	System Tray application for the Dell Photo AIO Printer 922 that enables scan or fax functions to run directly from the printer via the buttons
U	Dell Photo AIO Printer 942	dlbubmgr.exe	System Tray application for the Dell Photo AIO Printer 942 that enables scan or fax functions to run directly from the printer via the buttons
U	Dell Photo AIO Printer 962	dlbxmon.exe	DellPhoto AIO Printer 962 Device Monitor
N	Dell QuickSet	quickset.exe	Dell taskbar icon allowing you to quickly change settings
N	DELL Webcam Manager	DellWMgr.exe	Dell Webcam Manager - Webcam management software provided on Dell PCs
U	Dell Wireless Manager UI	WLTRAY	Installed alongside Dell Wireless WLAN Card and provides additional configuration options for these devices
N	Dell Wireless Manager UI	wltray.exe	System tray access to wireless LAN card configuration options
?	DellDMI	delldmi.exe	Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards?
U	DELLMMKB	DELLMMKB.EXE	Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
N	DellSC	dellsc.exe	Dell Solution Center - web-based troubleshooting tools and educational offerings
U	DellSupport	DSAgnt.exe	Dell Support Agent offers additional support and update features for your Dell computer or laptop
U	DellSupportCenter	sprtcmd.exe /P DellSupportCenter	Dell Support Center (provided by SupportSoft, Inc) is a free self-help tool for Dell users. Identifies and automatically fixes typical problems that may occur with your high-speed internet service
U	DellTouch	MMKeybd.exe	Dell multimedia keyboard manager. Required if you use the additional keys
U	DellTouch	DELLMMKB.EXE	Multimedia keyboard control for Dell based PCs - only required if you use the multimedia keys
X	delmsbb	delmsbb.exe	NCase adware
X	delsaap	delsaap.exe	NCase adware
?	delstart	delstart.exe	Reportedly part of BT ISP software - what does it do and is it required in startup?
X	delsubmit	rundll32.exe advpack.dll, DelNodeRunDLL32 submit.exe	CoolWebSearch parasite variant
?	DelTmp	DelTemp.exe	Added to the startup list after installing a Creative SoundBlaster Audigy soundcard. Deletes temporary files once an installation is complete?
N	DeltTray	deltray.exe	System Tray access to the control panel for the M-Audio Delta 44 PCI Analog Recording Interface. Available via a desktop shortcut, Start -> Programs or Start -> Settings -> Control Panel
X	DeluxeCommunications	Dxc.exe	Deluxe Communications, a SurfSideKick adware variant
X	DELXP Protocol	delxp.exe	Added by a variant of the SDBOT WORM!
?	demon	demon.exe	Part of the French Wanadoo ADSL extense pack. What does it do and is it required?
X	Deneca	Virus salvado	Added by the DELUZ VIRUS!
U	DepFrez	frzstate.exe	Deep Freeze from Faronics Coporation. "Freezes" the current software configuration so that an a re-boot all changes made refer back to their original settings. Not required for most users - more likely to be used by system administrators, for example
?	Description of Shortcuts	*.exe	* seems to be a sequence of alphanumerics that can be different, i.e., 1960F8A9, 4EBD23F5, etc. Each of these files would appear to be a shortcut, i.e., 4EBD23F5 is actually Works Calender Reminder (found via a registry search)
X	Desire	desires.exe	Adult content dialler
?	desk-top-service	desk-top-service.exe	??
X	DeskAd Service	DeskAdServ.exe	DeskAd.Service adware
N	DeskColor	DESKCOLOR.EXE	Provides transparent icon text backgrounds and coloured icon text
N	Deskflag	Deskflag.exe	DeskFlag - animated USA flag on the desktop
X	DeskMateAutoUpdate	DeskMateAutoUpdate.exe	DeskMates: Virtual scantily clad girls enhance your desktop. BargainBuddy adware related
U	Desksite CMA	cma.exe	DeskSite CMA siftware - "retrieves new content from the DeskSite Data Center"
U	DeskSlide	DeskSlide.exe	"DeskSlide is utility for automating wallpaper changes on your desktop"
X	Desktop	rundll32.exe msconfd.dll, Restore ControlPanel	Added by the BOOKMARKER TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "msconfd.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	desktop	desktop.exe	Added by the SDBOT.MD WORM!
X	Desktop	Desktop.com	Added by the VB-DRN WORM!
X	desktop	desktop.ini.vbs	IE-Title malware
N	Desktop Architect	DATRAY.EXE	Desktop theme manager available here - for managing the desktop appearance, fonts, sounds, etc
U	Desktop Calendar	Desktop Calendar.exe	Desktop Calendar - "Desktop Calendar is a highly customizable calendar program that turns your desktop into a traditional wall calendar, by rotating the background image on a monthly basis"
N	Desktop Plant	AZARE10S.PLT	Vritual plant from here - this version is an Azalea, there are others so the filename may be different
X	Desktop Search	desktop.exe	iSearch "Desktop Search" hijacker
N	Desktop Service Centre	DSC.exe	OptusNet DSL or Dial-Up connection software
N	Desktop Weather	THE WEATHER CHANNEL.exe	Desktop Weather by The Weather Channel - provides current temperature, conditions, alerts, etc
N	Desktop Weather 3	THE WEATHER CHANNEL.exe	Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc
N	Desktop Weather 3	THEWEA~1.EXE	Desktop Weather 3 by The Weather Channel - provides current temperature, conditions, alerts, etc
U	DesktopIconToy	DesktopIconToy.exe	"Desktop Icon Toy is an easy to use desktop icon enhancement tool, which allows you to make many funny but useful patterns out of your windows desktop icons"
N	desktopmgr	desktopmgr.exe	Synchronisation manager for the cradles for the Research In Motion range of wireless handhelds, including the "Blackberry"
X	DesktopUpdate	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
U	DesktopX	DESKTOPX.EXE	A program that replaces the regular Desktop and Taskbar, and can be changed to the user's liking
N	deskup	deskup.exe	Adds Iomega Zip drive icons to the desktop
X	destroyb11	destroyb11.exe	Added by the DELF-KO TROJAN!
U	detect	idetect.exe	iNTERNET Turbo from Clasys Ltd. "It accelerates any Windows 95/98/Me/NT/2000/XP internet connection in seconds". If you find it helps your connectivity leave it enabled
?	detect	turbodetect.exe	??
N	Detector	detector.exe	USB port detector for LG scanners. Sits in the System Tray, and when it detects the scanner through the USB port, you can run the scanner software from the tray. It is not required at all, since you can use the scan software from almost any photo editing software
U	DetectorApp	DetectorApp.exe	Related to Roxio MyDVD (was Sonic) DVD authoring software
?	DevconDefaultDB	READREG	Appears to be related to older Creative Soundblaster soundcards
X	Development Environment	devenv.exe	Added by the DELBOT-AH WORM!
U	DEventAgent	eventagt.exe	DEvent Agent Module client - part of Dell OpenManage and used for server management. Only required if you use this
X	devenv	smvss.exe	Added by the DEDLER-G TROJAN!
X	Device Configuration Loader	msdvc32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
U	Device Detector	DevDetect.exe	ACDSee Auto Device Detector detects when a device is connected to your PC and gives you the option to acquire images from it automatically
N	Device Detector 2	DevDtct2.exe	Installed by various Olympus products, this program detects the active connection of a speech device (voice recorder, etc) to a USB port then runs specific client software used to access that device. The DevDtct2 process has a "high" priority level which can negatively impact system resources
X	Device Manager	wfxmgr.exe	Added by the RBOT.AJU WORM!
U	DeviceDiscovery	hpotdd01.exe	Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
X	DevicePath	Proyecto1.exe	Added by the GRUEL WORM!
X	DevicePath	Root.exe	Added by the GRUEL WORM!
U	Devices	olesvr.exe	Salfeld Child Control - parental control software
X	Devicewin	[path to trojan]	Added by the BANKER-AEV TROJAN!
U	devldr16	devldr16.exe	Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
U	devldr16.exe	devldr16.exe	Associated with some Creative Labs sound cards. Provides audio support for DOS applications. Not needed if you don't have those. Required if you use "Sound Play Control" and "Sound Recorder". To disable: (1) Disable via MSCONFIG (2) Start -> Settings -> Control Panel -> System -> Device Manager then disable "Creative SB16 Emulation" under Creative Miscellaneous Devices
?	Devlog	??	??
?	Devlog	devlog.exe	Apparently mainboard/chipset related, by a French company called AS Media - what exactly is it, and is it required
X	dfgfdgrergd	[path to trojan]	Added by the RANKY.CK TROJAN!
X	dfgfdgrergd	[path to trojan]	Added by the RANKY.CK TROJAN!
?	DGJM	DGJM.exe	??
X	dgtstart	dgtstart.exe	DigitalNames.g adware
U	dguard	dguard.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
X	DHCP	smss.exe	Added by the WINSPY.AG TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	DHCP Server	regsvr.exe	Added by the RBOT-PR WORM!
X	DHCP32	services.exe	Added by the WINSPY.AG TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
Y	dhcpagnt	dhcpagnt.exe	Intel DSL modem driver - leave enabled or you'll have to re-install the drivers
?	DHNUXB	DHNUXB.exe	??
N	diagent	diagent.exe	System Tray access for Creative Diagnostics for the Creative SoundBlaster series soundcards. Available via Start -> Programs
X	Diagnostic	diagnostic.exe	Added by the ALPHA-C TROJAN!
X	Dial22	dlm.exe	Adult content dialler
X	Dial33	dlm.exe	Adult content dialler
X	Dialer	rundll32.exe msa32chk.dll	Unidentfied malware
U	Dialer Control	dc.exe	Dialer-Control. Detects and protects from premium rate p0rn diallers
U	Dialer Detect	dd.exe	DialerDetect detects stealth installed premium rate diallers, and sounds the alarm when such a connection is being installed without you knowing it
U	Dialgo SDK	PhoneAnswer.exe	Dialgo Wave Modem ActiveX - "Telephone Answering Machine for scripting your own professional call center business scripts using a voice modem. Features Caller-ID, Wave Playback, Wave Recording, Digit Monitoring, POP3 e-mail Manipulation, Speech Recognition and Synthesis"
X	DialNet	mxt32.exe	Adult content dialler
N	Dialog Box Assistant	OSDEx.exe	Dialog Box Assistant from Duality Software. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders
N	Dialog Helper	PDDLGHLP.EXE	Dialog Helper from PowerDesk Pro by Ontrack. Helps with the standard Open and Save As dialog boxes by showing recently used files and folders. Available via Start -> Programs
X	DialUp Network Application	Rnaap.exe	Added by a variant of the SDBOT WORM!
X	Diam prlaer	oqedrhg.exe	Added by the SDBOT-DEU WORM!
?	Diamondview	Diamondview.exe	Manulife Financial Insurance program. Is it required at startup?
X	DIECOX	csrss.exe	Added by a variant of the ATM.GEN TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	Diesel	Recalculate.exe	Added by the LAZAR TROJAN!
U	DietK	DietK.exe	Diet Kazaa add-on for Kazaa Media Desktop - "removes all adware and popups, built in Download Accelerator, makes searches faster and helps produce more results"
U	DigiCell	DigiCell.exe	MSI DigiCell - "the most useful and powerful utility that MSI has spent much research and efforts to develop, helps users to monitor and configure all the integrated peripherals of the system, such as audio program, power management, MP3 files management and communication / 802.11g WLAN settings. Moreover, with this unique utility, you will be able to activate the MSI well-known features, Live Update and Core Center"
X	DigiD	DigitalSound.exe	Adware downloader
N	DigiGuide	CLIENT.EXE	TV guide and reminder
N	DigiGuide	client01.exe	TV guide and reminder
U	Digisoft AntiDialer	AntiDialer.exe	Digisoft AntiDialer
U	DigiSrv	DigiSrv.exe	Related to camera software from DigitalDreams
N	Digital Dashboard	devgulp.exe	For Compaq PC's. Loads Digital Dashboard options
N	Digital Line Detect	DLG.exe	Detects whether your are plugged into a digital telephone line and displays the information graphically. Installed by Dell (and maybe others) and is included with all Connexant V.92 and Broadcom modems
U	Digital Patrol Update 5	update.exe	Digital Patrol - "a powerful anti trojan scanner, which detects and eliminates more than 180'000 Trojan Horses and Spywares. Digital Patrol detects viruses, trojans, worms, spyware, malicious ActiveX controls and Java applets"
N	Digital River eBot	downlo~1.exe	Digital River Systems EBOT for downloading software from their site. In some cases, if you purchase software online for a download from a software manufacturer, you will be sent to this online company's site for the download after the purchase is complete. Read more here
X	DigitalNames	DigitalNamesStart.exe	DigitalNames spyware variant
N	DigitalWizard	ISWizard.exe	InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
N	DigitalWizard Monitor	dwMon.exe	InstallShield's DigitalWizard - free, complete Digital Content Management Solution that makes it easy to experience digital content
U	DIGServices	DIGServices	Created by Disney but licensed to ESPN for watching videos
N	DIGServices	DIGServices.exe	Created by Disney but licensed to ESPN for watching videos
N	DIGStream	digstream.exe	DIGStream Cache Manager - part of ESPN Motion and Disney Motion that periodically check for new videos and indication they're available in the System Tray. Starting ESPN Motion/Disney Motion starts digstream automatically
U	Dimension	Dimension.exe	Dimension - a program which lets you customize MSN messenger such as adding animated and coloured nicknames, personal toast creator, war tools (login flooder), and allows viewing and interacting with the raw MSN protocol
U	Dimension4	d4.exe	Dimension 4 - network time synchronization freeware - starts-up, adjusts the system clock, then shuts down
X	Dino3	dino3.exe	Related to Jurassic Park III and enables a dinosaur to walk across the screen. Also generates adverts and classified as adware as a result
X	Dinst	dinst.exe	IMIServer/IEPlugin adware
X	Dir1	caKe	Added by the CAKE WORM!
X	Direct settings	sdchost.exe	Added by the DAEMONI-I TROJAN!
U	Direct Update	DUControl.exe	DirectUpdate dynamic DNS updater
X	Direct X Direct3D	dxd3d.exe	Added by a variant of the SDBOT WORM!
X	Direct X Opengl	dxopengl.exe	Added by a variant of the RBOT-CJ WORM!
X	direct3d.exe	direct3d.exe	Added by the CERTIF-F TROJAN!
N	DirectCD	DirectCD.exe	DirectCD primarily allows you to drag and drop files onto a suitably formatted CD-RW disc. Unless you use this on a frequent basis it isn't required and is available via Start -> Programs. Start the program before inserting a DirectCD formatted CD-RW in the drive. A re-boot is recommended if you close Adaptec DirectCD before re-opening it again later
Y	Directory Opus Desktop Dblclk	dopusrt.exe	Directory Opus - an advanced file manager. "Directory Opus goes beyond the simple file manager metaphor, and offers you a complete replacement for Windows Explorer and many other utility programs for handling FTP, ZIP, viewing files and images, running slideshows and more"
X	directs.exe	directs.exe	Added by the BEAGLE.O or BEAGLE.R or BEAGLE.S or BEAGLE.T WORMS!
U	DIRECTVDSL	Directvdsl.exe	Starts DirectTV DSL modem at boot up. Can also be started manually
X	DirectX	ddhelp32.exe	Added by the BIONET.318 TROJAN! Note - not the DirectX helper which is ddhelp.exe
X	directx	Directx.exe	Added by the SDBOT.D TROJAN!
X	directx	Sqlexploit.exe	Added by the SDBOT.D TROJAN!
X	DirectX	DirectX.exe	Added by the BLAXE or LOGPOLE WORMS!
X	directx	NTCmd.exe	Added by the SDBOT.D TROJAN!
X	directx	PipeCmd.exe	Added by the SDBOT.D TROJAN!
X	DirectX 32	directx32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	DirectX For Microsoft Windows	dtxservice.exe	Added by the PROGENT TROJAN!
X	DirectX for Microsoft Windows	Fservice.exe	Added by the PRORAT TROJAN!
X	DirectX for Microsoft Windows	Sservice.exe	Added by the PRORAT TROJAN!
X	DirectX For Microsoft? Windows	fservice.exe	Added by the PRORAT-P TROJAN!
X	DirectX shell driver	[path to trojan]	Added by the MARKTMAN-B TROJAN!
X	Directx Startup Drivers	direct.exe	Detected by PCTools as the RBOT.UXL WORM! See here
X	DirectX Video Driver	dxterm5.exe	Added by the WILAB-A TROJAN!
X	DirectX64	DirectXset.exe	Added by the BROWNEY.A WORM!
X	DirectX9	direct3d.exe	Detected by Kaspersky as the AGENT.EDW TROJAN! See here
X	DirectX9 Diag	dx9diag.exe	Added by the RBOT-ALT WORM!
U	Dirkey	Dirkey.exe	Dirkey - small utility that allows you to bookmark up to 9 folders by using the Ctrl+Alt+1..9 shortcut keys in an Open/Save File dialog or in Windows Explorer. After this the Ctrl+1..9 shortcut keys can be used in the same or another window to go to any of the 9 bookmarked folders
?	Disable EHCI	nousb20.exe	??
N	Disc Detector	CtNotify.exe	For Creative sound cards. Detects when you insert a CD, DVD, etc
?	disc detector	qnetquestnotifty.exe	??
?	discoveg	discoveg.exe	??
?	DISCover	DISCover.exe	Related to DISCover Drop from Digital Interactive Systems Corporation. What does it do and is it required?
N	DiscoverDeskshop	Deskshop.exe	Discover Deskshop - single use "virtual" credit card
U	DiscUpdateManager	DiscUpdMgr.exe	Disc Update Manager for Digital interactive's DISCover Console. Provider of on-demand video games
N	DiscUpdateManager	DiscUpdateMgr.exe	DISCover from Digital Interactive Systems Corporation Inc. "The company?s patented Drop ?n? Play technology provides a simple, console-like experience when playing PC titles allowing for seamless play of CD/DVD-based games while its unique Parental Control system incorporates ESRB ratings to help users limit access to younger players"
U	DiscWizardMonitor.exe	DiscWizardMonitor.exe	Seagate DiscWizard - hard disk utility for Seagate's SATA and PATA (IDE) drives
X	Disk Check	chkdsk32.exe	Added by the IM TROJAN!
U	Disk Cleaner	DiskCleaner.Exe	Hard disk management part of TuneUp Utilities from TuneUp Distribution GmbH
X	Disk Defragmentation Loader	pmsvcr.exe	Added by a variant of the IRCBOT TROJAN!
X	Disk Essensial Tools	detsvc.exe	Added by a variant of the IRCBOT TROJAN!
X	Disk Keeper	[path to trojan]	Added by the SMALL-VE TROJAN!
X	Disk Keeper	SECURITY.EXE	Daosearch adware
X	Disk Manager	diskver.exe	Added by the RBOT.AQT WORM!
X	Disk Master	[trojan name]	Added by the DISTER TROJAN! - a spam relayer
X	Disk Panel Configuration	dpcsvc.exe	Detected by PCTools as the IRCBOT.BSQ TROJAN! See here
X	Disk Panel Setup	npcsvc.exe	Added by a variant of the IRCBOT TROJAN!
X	DiskCheck	msdarkend.exe	Added by an unidentified WORM or TROJAN!
N	DiskeeperSystray	DkIcon.exe	DisKeeper defragmentation software - can be started manually
X	diskinf	diskinf.exe	Added by the CRYPTER.A TROJAN!
?	DISKMON.EXE	DISKMON.EXE	??
N	Disknag	disknag.exe	Dell program that reminds you to make your backup diskettes
X	Diskstart	Code.exe	Adult content dialler
X	Diskstart	cat.exe	MS-Connect dialler
X	Diskstart	hit.exe	Adult content dialler
X	Diskstart	Snt.exe	Adult content dialler
U	Disk_Monitor	Disk_Monitor.exe	Multi-media, Smartmedia, Compact Flash card reader for reading digital camera cards. Device is recognised as internal USB disk drive. Necessary if camera cards are to be recognised as soon as they are inserted into the reader
X	disnisa	disnisa.exe	Added by the DORF-AE WORM!
X	Dispatcher	dispatcher.exe	Added by the DLOADR-AS TROJAN!
U	display	The_Eye.exe	ComSpySysSvr surveillance software. Uninstall this software unless you put it there yourself
X	Display Drivers	cssrs.exe	Added by the AGOBOT.FX WORM!
N	Display Settings	hptasks.exe	Allows for the adjustment of the display for LCD screen, CRT Monitor and TV output on HP computers
U	DisplayFusion	DisplayFusion.exe	DisplayFusion from Binary Fortress Software - "is a fantastic application that can make your dual monitor (or triple monitor or more) life much, much easier! From allowing you to use a different wallpaper on each monitor, to integrating with Flickr for image searching, to providing hotkeys for managing your application windows"
N	DisplayTrayIcon	TrayIcon.exe	System Tray access to display properties for ABIT graphics cards. Unless you change your desktop resolution, etc regularily use Control Panel -> Display
U	Disspy	disspy.exe	Disspy spyware detection and removal software
N	Distiller Assistant 3.01	DISTASST.EXE	From Adobe. Creates PDF universal files for Acrobat Reader. Available via Start -> Programs
X	Distributed File System	Dfsvc.exe	Added by the MYFIP.A or MYFIP.K WORMS!
X	Distributed File System	kernel32dll.exe	Added by the MYFIP-C or MYFIP.K WORMS!
X	Distributed File System	blade.exe	Added by the MYFIP.AC WORM!
U	Distributed File System	win.exe	Added by the MYFIP.AB WORM!
U	distributed.net client	DNETC.EXE	Dsitributed computing projects client from Distributed.net where numerous computers are used to share a projects workload - similar to SETI@Home and Folding@Home. Also prone to being distributed by viruses
Y	Dit	dit.exe	"Drive Icon and Label Utility" - assigns drive icons and names to flash memory cards. Required, otherwise the drives aren't found
X	Dit	dit.exe	Added by the LAZAR-A TROJAN! Note - this is located in the System (9x/Me) or System32 (NT/2K/XP) folder
N	DiTask.exe	DiTask.exe	Associated with an Eicon Networks ISDN or ADSL modem. System Tray icon which shows you the status of your lines (free, occupied with incoming or outgoing call). Available via Start -> Programs
?	Divamon.exe	Divamon.exe	Associated with an Eicon Networks Diva ISDN or ADSL modem - what does it do and is it required?
X	divx	divxenc.exe	Added to the SPBOT.B TROJAN!
X	Divx	codll.exe	Added by the GRAVEBOT-A TROJAN!
X	DivX MediaPlayer 7.0	Dr.DivX.exe	Added by the ALADINZ.G TROJAN!
X	DivX Player	DivXPlayer.exe	Added by a variant of the RBOT WORM!
X	DivX Updater	DivX.Exe	Added by the NALDEM TROJAN or MASTAK VIRUS!
X	DIVX Video Player	DIVXPloyer.exe	Added by an unidentified WORM or TROJAN!
X	Divx4 codec	devldr32.exe	Added by an unidentfied VIRUS! Note - this is not the legitimate Creative Labs devldr32.exe file
N	DJREGFIX	regedit /s c:hpdjregfix.reg	DJRegFix showed up first in WinME as a "clever" way to ensure that all Hewlett-Packard DeskJet printers actually worked with WinME - since most were having major problems. This "utility" adds the functionality and compatibility HP forgot to add in its WinME drivers
?	DJSNetCN	DJSNetCN.exe	"Symantec Licensing Detect Internet Connection", part of Norton Antivirus. What does it do and is it required?
X	djtopr1150.exe	djtopr1150.exe	WebRebates adware
X	dKernel	dKernel.exe	Added by the DECOY-A WORM!
Y	DkService	DkService.exe	From Executive Software's Diskeeper defragmenting utility - a replacement for Windows Disk Defragmenter. It's recommended to leave this enabled, otherwise you could have problems starting it manually.
X	DKTime	dktime.exe	Added by the LUNII TROJAN!
X	Dkware lptt01	dkware.exe	RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Dkware ml097e	dkware.exe	RapidBlaster variant (in a "DonkeySoft" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
?	dkzzixm	dkzzixm.exe	??
Y	dla	tfswctrl.exe	Drive letter access to a UDF packet writer for CD-RW - from HP, Veritas an others. Similar to Roxio's DirectCD and does the same thing. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
U	DLA	DLACTRLW.EXE	Sonic CD/DVD burning applications
N	DlaTray	Dlatray.exe	System Tray access to DLA - Drive letter access to HP's and Veritas' version of DirectCD. Does the same thing as DirectCD. From HP - "This is a needed file as it controles the readability of the Combo drives. Without this file loading the end user will be able to burn CD's but wont be able to read them. The drive itself will be able to read store bought master Cd's without the file but not burnt ones"
N	dlbcserv	dlbcserv.exe	Related to Dell Photo Printers and provides additional configuration options for these devices
Y	DLBTCATS	rundll32 [path] DLBTtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	DLBUCATS	rundll32 [path] DLBUtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	DLBXCATS	rundll32 [path] DLBXtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	DLCCCATS	rundll32 [path] DLCCtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll). If you use the 964 printer, Dell recommends leaving dlcctime.dll in place as it fixes compatibility issues on some Dell systems. If you receive an error message on system startup that reads: "Error in C:WINDOWSSystem32spooldriversW32x863DLCCtime.dll Missing entry: RunDLLEntry" Dell offers help here
U	dlccmon.exe	dlccmon.exe	Dell Photo AIO Printer 924 device monitor
Y	DLCDCATS	rundll32 [path] DLCDtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	dlcdmon.exe	dlcdmon.exe	Dell Photo AIO Printer 944 device monitor
Y	DLCFCATS	rundll32 [path] DLCFtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	DLCGCATS	rundll32 [path] DLCGtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	dlcgmon.exe	dlcgmon.exe	Dell Photo AIO Printer 810 device monitor
Y	DLCICATS	rundll32 [path] DLCItime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
X	dlcipscl	dcpavss.exe	Added by the MAILBOT-CB TROJAN!
Y	DLCJCATS	rundll32 [path] DLCJtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	dlcjmon.exe	dlcjmon.exe	Dell Photo AIO Printer 964 device monitor
Y	DLCQCATS	rundll32 [path] DLCQtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	dlcqmon.exe	dlcqmon.exe	Dell Photo AIO Printer 964 device monitor
U	dlcqmon.exe	dlcqmon.exe	Dell Photo AIO Printer 964 device monitor
Y	DLCXCATS	rundll32 [path] DLCXtime.dll, _RunDLLEntry@16	Resolves a timing problem where a Dell service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	dlcxmon.exe	dlcxmon.exe	Dell Photo AIO Printer 926 device monitor
X	dlder	dlder.exe	Advertising spyware. Considered to be one oft the worst - even creating a fake "explorer.exe" file. Can be installed via versions of "Grokster", "Lime Wire" and "KaZaA" amongst other file-sharing utilities (see here). Reported in the past as a virus
X	DlDir1	caKe	Added by the CAKE WORM!
?	DLForcerExe	DLForcerEXE.exe	??
N	DLF_00000B00	Vcdlf.exe	Known to cause problems with "Out of memory" errors (see here). Otherwise, it's purpose is unknown
N	DLG	DLGCHBW.exe	Backweb part of Data LifeGuard - diagnostic tools for Western Digital's series of hard drives. Automatically detects an internet connection and downloads any available updates
N	DLHelperEXE	WATCH.exe	Download helper distributed with some software that allows the software installation to redirect download locations. Not required once the installation is finished
X	DLHelperEXE.exe	N/A	Downloader for Microgaming/Casino software - stealth installed
X	dlhost	dlhost.exe	Added by the EXPHOOK-A TROJAN!
X	DLINK dfe drivers for Windows NT	windfe.exe	Added by the RANDEX.AK WORM!
U	DLink System Tray	dlnetst.exe	Related to D-Link DGE-530T PCI card for servers and workstations
X	Dlite	dllmanager.exe	Added by the WOOTBOT.DN WORM!
X	Dll Boot Loader on Startup (do not remove this)	[various filenames]	Added by an unidentified TROJAN!
X	Dll Link	svchoist.exe	Added by the AUTOSKY WORM!
X	Dll Link	svchost.exe	Added by the AUTOSKY WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Documents and SettingsFavourites folder
X	DLL Manager	dllmngr32.exe	Added by a variant of the RBOT WORM!
X	DLL Service Manager	[path to worm]	Added by the RPCBOT.F TROJAN!
X	dll services	[random filename].exe	Added by a variant of the SDBOT WORM!
X	DLL32	dllmem32.exe	Added by the KWBOT.E WORM!
X	DLL32	dllhost.dll	Added by the SUCLOVE.A WORM!
X	DllCacherv2	dllcachev2.exe	Added by the LATEDA TROJAN!
X	dllcvss	[random filename]	Added by a variant of the SLAPER TROJAN!
X	dlldmt	dlldmt.exe	Added by a variant of the CRYPTER.C TROJAN!
X	DllExecutable	[path to file]	Added by the VB-SP WORM!
X	dllhelp	dllhelp.exe	Added by the STARTPAGE.DQ hijacker
X	dllhelp	dllhlp.exe	Added by the Downloader-HI TROJAN!
X	DLLHost	dllhst.exe	Added by the DELBOT-AC WORM!
X	dllhostxp.exe	dllhostxp.exe	Browser hijacker and adware downloader
X	DllLoader	lssas.exe	Added by the JE WORM!
X	Dlload	killer.exe	Added by the KILLAV-FK TROJAN!
X	dllreg	dllreg.exe	Added by the CRYPTER.A TROJAN!
X	DLLService32	dllsvc32.exe	Added by the AGOBOT.VX WORM!
X	DLLUPDATE32	dllupdate32.exe	Added by the AGOBOT.IA WORM!
N	DLM.exe	DLM.exe	IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser
N	dlmMgr	AdobeDownloadManager.exe	Adobe Download Manager - "can prevent you from having to start from the beginning should your download process be interrupted, and it offers a level of service not possible
U	DLPSP	DLPSP.EXE	Dell laser printer status monitor
X	dlsp2mx	dlsp2mx.exe	Added by the MPB-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "dlsp2mx"
?	DLT	dlt.exe	??
X	dluca	dluca.exe	Adult content dialler - see here
X	dluca	dluca.exe	Added by the DLUCA.C TROJAN!
X	dluxde	dluxde.exe	All-In-One-Telcom (adult content dialler) variant
X	Dluxjp	cnfrm.exe	Added by the DLUCA.D TROJAN!
X	Dm Hr	lpns.exe	Added by the IRCBOT.WORM.61673 WORM!
X	DM mgr	dm_mgr.exe	Added by the JITTAR TROJAN!
X	dm**.exe [ = random char]	dm**.exe [ = random char]	Wareout - malware masquerading as a spyware and dialer remover
N	DMAScheduler	DMAScheduler.exe	Related to DigitalMedia Plus Archiver. This program is non-essential process to the running of the program, but should not be terminated unless suspected to be causing problems
X	DMC	dmc.exe	Added by Trojan-Downloader.Win32.Dluca.bv TROJAN!
U	DMHotKey	DMLoader.exe	HotKey access to the Samsung Display Manager on laptops and ultra-mobiles that support it - such as the M55 and Q1
N	DMILDR	dmildr.exe	Part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely. Uses the DMI and/or common information model (CIM) protocols, which are systems management protocols defined by industry standards. Available via Start -> Programs
N	DMISL	DMISL.EXE	DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information
N	DMISLAPP	DMISLAPP.exe	DMI (Desktop Management Interface) Service Layer for Intel TokenExpress network card software. DMI support for the Intel network card managed through the Desktop Management Interface. See here for more information
?	dmjay	dmjay.exe	??
X	dmloader	dmloader.exe	Added by a variant of the RBOT WORM!
X	Dmsvc32	Dmsvc32.exe	Added by the AGOBOT.ABU WORM!
X	dmtdll	dmtdll.exe	Added by a variant of the CRYPTER.C TROJAN!
U	DmwClient	dmwclient.exe	DMW "anti-cheating" software for online gaming
U	DMXLauncher	DMXLauncher.exe	Part of Dell's Media Experience, a multimedia suite which offers the user functionality to organise and play music and digital video files
X	dm[3 random letters].exe	dm[3 random letters].exe	Added by the RUINDEM TROJAN!
X	DM_server	dmserver.exe	Comet Cursor adware
X	dm_service	[path to file]	Added by the MITGLIEDER.P TROJAN!
X	dnam	d140113.a.Stub.EXE	Added by the STUB_A TROJAN!
X	Dnar	Dnar.exe	Unknown, except that it is not necessary. Tends to phone home a lot. DMI related - see here
Y	DNE Binding Watchdog	rundll dnes.dll, DnDneCheckBindings	Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
Y	DNE DUN Watchdog	rundll dnes.dll, DnDneCheckDUN13	Deterministic NDIS Extender (DNE). DNE is an NDIS-compliant module which appears to be a network device driver to all protocol stacks and a protocol driver to all network device drivers. Part of Gilat Communications internet satellite systems. Required if you have this system. Also installed by Winproxy - a proxy program for sharing internet connections through one computer. Required if you want it to work
X	DNHelper32	DNHlp32.exe	Added by an unidentified WORM or TROJAN!
X	DNS	mc-58-12-0000080.exe	Shorty adware - also detected as the AGENT.FD TROJAN!
X	DNS	mc-58-12-0000093.exe	Shorty adware - also detected as the AGENT.FD TROJAN!
X	DNS	mc-110-12-0000079.exe	Shorty adware - also detected as the AGENT.FD TROJAN!
X	DNS	mc-58-12-0000120.exe	Shorty adware - also detected as the AGENT.FD TROJAN!
X	DNS	mc-58-12-0000140.exe	Shorty adware - also detected as the AGENT.FD TROJAN!
X	DNS	[worm filename]	Added by the CQG WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is found in the Common Files folder
X	Dns Resolver	dnsrslve.exe	Added by the RBOT-WS WORM!
X	DNS Service	dnsresolver.exe	Added by the RBOT-PQ WORM!
X	DNS Service	dnssvc.exe	Added by the DELBOT-Z WORM!
?	DNS2GoClient	dns2goclient.exe	DNS2Go is a Domain Name System that will make your computer accessible anytime, anywhere by associating a domain name of your choice to your currently assigned IP address. Is it required?
N	DNS7reminder	Ereg.exe Ereg.ini	ScanSoft (Nuance) Dragon NaturallySpeaking registration reminder. Version 7
X	DNSCacheBoost	dnsping.exe	Added by the DNSBUST-A TROJAN!
X	dnscleaner	dnscleaner.exe	CoolWebSearch parasite variant
X	dnse	dnse.exe	WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here
?	DNXVC	dnxvc.exe	??
X	doc	doc.exe	Added by the AGOBOT-BJ WORM!
X	DocTor	Doctor.exe	Added by the DOTOR.A WORM!
N	DocuMagix Init	PWATCH.EXE	PaperMaster is an application for the PC designed to automate the process of organizing, archiving, and retrieving digital versions of files. Start manually if needed
U	Document Manager	docmgr.exe	Wave Systems Corp. Document Manager - "provides secure storage and management capabilities for file and folder level encryption"
X	Doggy Style	MsPMSPSd.exe	Added by the SDBOT-AAP WORM!
X	DOGStart	GSDOGST.EXE	Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
?	Doing	doing.exe	??
X	doit.exe	doit.exe	Added by the FORBOT-EK WORM!
X	Domain Name Resolve Service	dnsresolver.exe	Added by the KIMAN.A WORM!
X	DomPlayer Service	wakeservice.exe	DomPlayer adware
U	Don't Panic	dontpanicdemodp.exe	30-day trial version of Don't Panic privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite."
U	Don't Panic Pop-Up Stopper	dpps2.exe	Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
U	Don't Panic!	DP.EXE	Don't Panic! privacy software from Panicware. "Clean up Internet tracks and quickly hide personal documents with this privacy suite"
U	Dopus	dopus.exe	Directory Opus - a file manager from GPSoft
N	DoroServer	DoroServer.exe	Doro PDF Writer from The SZ Development. All what you need for creating pdf files
X	dos	dos64.exe	Adware downloader trojan
X	Dos Prompt Loader	cygwin.exe	Added by the SDBOT-VV WORM!
?	Dosbat	??	??
X	Dot1XCfg	Dot1XCfg.exe	Detected by PCTools as Maxfiles adware - see here
U	DoubleDesktop	dd.exe	"DoubleDesktop is a smart and elegant system tray utility that effectively doubles the width of your Windows desktop"
N	DoUWantIt	duwi.exe	DoUWantIt - online shopping assistant. Start it manually
X	Dowmingzu	Dowmingzu.dll.vbs	Added by the SOLOW-E WORM!
X	down	hlp32.exe	Added by the DLOADER.BG TROJAN!
X	down	[trojan filename]	Added by the Small-QJ TROJAN!
U	Down2Home	Down2Home.exe	Down2Home - "monitors your ADSL/Cablemodem/Dialup traffic and provides you with usefull statistics about the amount of data your PC has transferred"
N	Download Accelerator Manager Free Edition	dam.exe	Download Accelerator Manager Free Edition from Tensons Corp
N	Download Accelerator Plus 5.0	DAP.exe	Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
X	Download Plus	DownloadPlus.exe	DownloadPlus adware
N	Download Wonder	DownloadWonder.exe	Download Wonder from Forty Software. Download manager for resuming downloads, amongst other features
N	DownloadAccelerator	DAP.EXE	Download Accelerator Plus from Speedbit. Download manager for resuming downloads, amongst other features. Available via Start -> Programs. Note that the free version is adware based
X	DownloadLegalMusic	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	DownloadMP3	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	DownloadWare	dw.exe	DownloadWare adware
X	DownloadWare Engine	Dwe.exe	DownloadWare adware
X	Downxz	Downxz.bat	Added by the MYDOOM.W WORM
N	DPAgnt	DPAgnt.exe	digitalPersona fingerprint scanner
U	DPAS	DPASNT.exe	DefenderPro AntiSpy - spyware remover
U	DPASUpdate	DPASAutUpdate.exe	Automatic updates for DefenderPro AntiSpy - spyware remover
U	DPASUpdate	DPASAutoUpdate.exe	Defender Pro Antispy
Y	Dpcnav	dpcnav.exe	DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access
N	DPConfig	DPConfig.exe	Compuware DevPartner Studio Configuration Utility, a tool for software developers - System Tray access to configure the utility's analysis. Not required at startup, can be launched from the Start Menu programs group when needed
X	dpcproxy	dpcproxy.exe	Added by the GOLDENP-A TROJAN!
Y	DPCProxyLoadOnStartup	dpcstart.exe	DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access
Y	Dpcstart	dpcstart.exe	DirecWay from DirectTV (now HughesNet) - satellite based high-speed internet access
X	dpi	dpi.exe	Delfin Media Viewer or "Promulgate" adware
X	dpnsvr32	dpnsvr32.exe	Added by the AOLPASS-B TROJAN!
U	dpps2	dpps2.exe	Pop-Up Stopper Companion from Panicware. Pop-up blocker integrated into the IE toolbar. Note that the Pro version doesn't load in startup as it is installed as an Internet Explorer toolbar. Can cause problems with IE if you use WinXP and uninstall Service Pack 1. Uninstalling the software leaves it in the startup group
X	dps	dps.exe	SmartestSearch parasite - poses as a foistware, bogus adware/spyware remover called "scumware-remover"
N	dptracker	dptracker.exe	CamTrack webcam software that enhances the way people video chat
U	DpUtil	TEDTray.exe	Main executable for TOSHIBA DualPoint Utility Main Module. It is a system tray icon program that provides configuration options for dual pointing device
N	Drag'n'Drop_Autolaunch	Autolaunch.exe	Iomega HotBurn - CD-RW burning software
?	DragDrop	DragDrop.exe	??
N	DragnDrop_Autolaunch	Autolaunch.exe	Iomega HotBurn - CD-RW burning software
X	DRam Monitor 23	tskman3.exe	Added by a variant of the RBOT WORM!
X	DRam prmaessor	[random filename]	Added by the RBOT.CSG WORM!
X	DRam prosesor	[random filename]	Added by the SPYBOT.EE WORM!
X	DRam prosessor	[random filename]	Added by the RBOT.CSG WORM!
X	DRam prosessor	plscd.exe	Added by the RBOT.CYA WORM!
X	DRam prosessor	HWAPI.exe	Added by a variant of the RBOT WORM! Note - this is not the McAfee HackerWatch process which has the same filename
X	DRam prosessor	WindowsUpdate.exe	Added by the RBOT-BBZ WORM!
X	DRam rar proc	winupdaterar.exe	Added by a variant of the IRCBOT TROJAN!
X	DRam rare proc	updaterarwin.exe	Added by the RBOT-GQW WORM!
X	DRan posessor	DAP.exe	Added by a variant of the SDBOT WORM!
X	DrCache	MSTDC.EXE	Added by the JM TROJAN!
X	dreams	server.exe	Added by a variant of the SDBOT WORM!
X	DrefIW	SysDrefIWv2.exe	Added by the DREF-C WORM!
X	DrefIW	SysDref.exe	Added by the DREF-D WORM!
?	dregfix	ph_finder.exe	??
N	DrgToDsc	DrgToDsc.exe	Part of Roxio EasyCD Creator 6.0 - places the Roxio Drag-to-Disc icon in you system tray. "Easily drag and drop files for burning to CD or DVD. Disc formatting and burning will happen automatically". Not required for Roxio to work properly
?	dried.exe	dried.exe	??
N	DriveCleaner 2006 Free	UDC2006.exe	DriveCleaner is a security assesment tool which gives exaggerated reports of security and privacy risks on a computer. The program then prompts the user to purchase a registered version of the software in order to remove the reported risks
X	DriveCleaner Free	UDC.exe	DriveCleaner misleading security program - not recommended, see here
U	DriveIcons	DriveIcon.exe	Drive Icons from Realtek - shows a specific icon for each card type for their card reader controllers
U	DriveLED	OODLed.exe	O&O DriveLED - hard disk monitoring and crash prevention
X	Driver	gbot.exe	Added by the JUNTADOR.K TROJAN!
X	Driver32	Scam32.exe	Added by the SIRCAM WORM!
X	DriverCheck	svchost.exe	Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:DriverLoad folder
X	DriverDB	svcmdx32.exe	Added by the BERPI TROJAN!
X	DriverLoad	svchost.exe	Added by the DELF-KR TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a C:DriverLoad folder
U	DriverMagicLogon	dmschedule.exe	Part of DriverMagic - "the easiest way to locate device drivers"
X	DriverModule	csrnvrt.exe	Added by the IRCBOT.I TROJAN!
X	DriverPath	system32.exe	Added by the PRORAT-S TROJAN!
X	Drivers for Internet Explorer	accesweb.exe	Added by freewebs.com hijacker!
N	DriveSelect	driveselect.exe	DVD X Copy XPress by 321 Studios. Creates a pop-up at Windows startup that asks for the DVD drive to be selected. Available via Start -> Programs
U	drkly16j	rundll32.exe drkly16j.dll, ServiceCheck	KidsWatch Time Control parental control software
U	dRMON SmartAgent	SmartAgt.exe	Part of the network monitoring program group for 3Com NIC cards. See here for more info
X	drmsrv32	stmhosts.exe	Added by the AGENT.AGWU TROJAN!
X	drmu	W95Mm.exe	Homepage hijacker installing a toolbar: http://tdko.com/. Lop.com in disguise
X	Drmupgds	Drmupgds.exe	Detected by PCTools as Maxfiles adware - see here
X	drocher	d.exe	Adult content dialler
X	DropSpam Lifestyle	dslifestyle.exe	Dropspam adware
X	drvddll.exe	drvddll.exe	Added by the BEAGLE.AP WORM!
X	Drvddll_exe	drvddll.exe	Added by the BEAGLE.X WORM!
U	DrvIcon	DrvIcon.exe	"Vista Drive Icon changes the drive icons shown in Windows "My Computer", to a nearly Vista drive icon, showing the drive's free space with a smooth colored horizontal bar"
?	DrvListnr	DrvListnr.exe	Analog Devices SoundMAX soundcard related. What does it do and is it required?
U	drvlsnr	drvlsnr.exe	Compaq/ADI SoundMAX integrated digital audio controller related. May solve a problem if your sound cuts out unexpectedly
U	DrvMon.exe	DrvMon.exe	Alcor drive monitor software
X	drvnetw	drvnetw.exe	Added by the BROGGER-B TROJAN!
X	drvr32h	drvr32h.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	drvrmanager	drvrquery32.exe	Added by the BOOHOO WORM!
X	drvsys.exe	drvsys.exe	Added by the BEAGLE.W WORM!
X	drvsyskit	hidr.exe	Added by the BAGLE.HR WORM!
X	drvupd	rundll32 ..drvupd.inf	Hijacker - drvupd.inf file installs a "searchforge.com" hijack
X	drv_st_key	hidn.exe	Added by the BEAGLE.FF WORM!
X	DrWatson	drwatson_.exe	Added by the LOHAV-S TROJAN!
X	DrWatson	drwatson_32.exe	Added by the LOHAV-S TROJAN!
X	DrWeb Antivirus	DRWEBAV.EXE	Added by an unidentified WORM or TROJAN!
Y	Drwebscheduler	Drwebscd.exe	DrWeb antivirus related - scheduler that allows you to manage an automatic launch of applications, in particular the antivirus scanner or the update subsystem
X	DR_S	DR_S.exe	AdShooter adware
X	ds	ds.exe	Added by the SPYMON TROJAN!
U	DS Clock	dsclock.exe	Digital desktop clock including synchronization with atomic servers - see here
X	dsa	dsa.exe	Homepage hijacker - redirecting to downseek.com
X	DSAcass	[path to file]	Added by the RANKY.M TROJAN!
X	dsadlsa14	dsakfsak14.exe	Added by the ONLINEG-P TROJAN!
X	DSB	DSB.exe	EnergyPlugin adware
U	dscactivate	dsca.exe	Dell Support Agent offers additional support and update features for your Dell computer or laptop
X	dsd	zz.exe	Added by the RBOT-FOX WORM!
N	DSentry	DSentry.exe	Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
X	Dsi	dp-******.exe	Added by an unidentified adware where ****** are random characters
X	Dsi	dp-him.exe	Added by the MULTIDR-AH TROJAN!
X	Dskcompat	Dskcompat.exe	Added by the GEMA TROJAN!
U	DSKEY	DsKey.exe	Part of PC PhoneHome - "secretly sends an invisible email message to an email address of your choice containing the physical location of your computer every time you get an Internet connection". Security software from Brigadoon Security Group for tracking down lost/stolen computers
X	DSKEY	[path to trojan]	Added by the STARTER-G TROJAN!
N	DSL Monitor	spdstrm.exe	Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
Y	DSLagentexe	DSLagent.exe	Used in conjunction with USB connected ADSL modems from Eicon Networks (as used by BT for its Broadband internet service for example). Required for a permanent ADSL connection
Y	dslmon	dslmon.exe	Sagem DSL modem related. Apparently needed to detect the modem
U	DSLSTATEXE	dslstat.exe	System tray connection status for ADSL modems from Eicon Networks (as used by BT Broadband for example)
X	DsmSer	dsm.exe	Added by the SERFLOG.B WORM!
X	DsmSer	msmpatch.exe	Added by the SERFLOG.B WORM!
X	DsmSer	svosm.exe	Added by the SERFLOG.B WORM!
X	DsmSer	sysup.exe	Added by the SERFLOG.B WORM!
X	DsplObjects	windspl.exe	Added by the BEAGLE.DN WORM!
X	DSS	dssagent.exe	DSSAgent by Br?derbund - spyware. Sends encrypted emails about the system back to the originators of the program. Also a resource hog. See here for more info
X	DSS	[path to trojan]	Added by the DSSDOOR-C TROJAN!
X	DSService	dmrss.exe	Added by the AGOBOT-XX WORM!
?	DSSSGENS	dssagens.exe	??
X	dstiosys	plsitctl.exe	Added by the MAILBOT-BX TROJAN!
X	DSystemDriver	windrv.exe	Added by the DELF.WG TROJAN!
U	DT HPW	DTHtml.exe	Display Tune from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP
N	DU Meter	DUMETER.EXE	Hagel Technologies internet bandwidth monitor
U	DualCoreCenter	StartUpDualCoreCenter.exe	Unified control center for overclocking both the graphics card and the CPU, but for the program to have its full functionality you must have an MSI mainboard with a CoreCell chip
X	duck	duck.exe	Added by the AGOBOT-AVG WORM!
N	Dulux WeatherShield WeatherDesk	weather.exe	Dulux WeatherShield WeatherDesk - latest weather information from across Australia
X	Dumeter Services	dumeter.exe	Added by the SDBOT-AEQ WORM!
X	dumprep	spoolc.exe	Detected by Kaspersky as a variant of the AGENT.CXF TROJAN!
N	dumprep 0 -k	dumprep 0 -k	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
N	dumprep 0 -u	dumprep 0 -u	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
X	DUN_SERVICES3	dun3.exe	Added by the SOKIRON TROJAN!
X	Duweculey	yujixit.exe	Added by the SDBOT.BRP WORM!
X	Duwee wong Cerbon	Cirebons.exe	Added by the BHARAT.A WORM!
N	dvd43	DVD43_Tray.exe	DVD43 is "a small tool that integrates into Windows and overrides CSS copy-protection found on DVD movies"
U	DVD43	DVD43.exe	DVD43 is a small tool that overrides CSS copy-protection found on DVD movies
X	dvd98	windvd98.exe	Added by the CULT.P WORM!
U	DVDBitSet	DVDBitSet.exe	DVD+RW Drive/Disc Compatibility Setting. Installed with HP DVD+RW drives to enhance compatibility with existing readers. You can also set a DVD+RW default drive write mode which is always used
?	DVDCheck	DVDCheck.exe	Related to an Intervideo program. What does it do and is it required in startup?
X	Dvdcompat	Dvdcompat.exe	Added by the GEMA TROJAN!
N	DVDLauncher	DVDLauncher.exe	Part of Cyberlink's Power Cinema - allows you to play DVDs upon insertion
N	DVDSentry	DSentry.exe	Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
N	DVDTray	DVDTray.exe	HP CD/DVD Tray icon installed with the DVD writer software. Periodically checks for new drive firmware
N	DVDUpgrade	DVDUpgrd.exe	Microsoft program to upgrade your DVD decoder program - see Q306331. Available via Start -> Programs
N	DVDXGhost	DVDGhost.EXE	DVD Ghost - "utility to make your software DVD players and DVD copy/backup softwares restriction-free, and copy/backup DVD to hard disk"
U	dvHighMem	cfgmng32.exe	Related to PureSight PC - designed to offer maximum flexibility and choice as families manage their internet use
Y	Dvp95	Dvp95.exe	Scan engine for F-Secure and Command antivirus software based on the F-Prot AntiVirus engine
Y	dvpapi9x	DVPAPI9X.exe	Command AntiVirus for Windows 95/98/Me
Y	DvpInitExe	Dvpinit.exe	Command Antivirus related
Y	dvprpt	Dvprpt.exe	Command Antivirus related
X	dvraudio	dvraudio.exe	Added by a variant of the CRYPTER.C TROJAN!
X	dvsfss	fbsfsdrs.exe	Added by the SDBOT-QA WORM!
U	DVSync	dvsync.exe	DVSync is the program that allows you to synchronize your daVinci's PDA's data with your Personal Information Manager on the PC
X	DvVideo32	dvvid32.exe	Detected by Trend Micro as the TINY.FD TROJAN! See here
X	Dvx	wsxsvc.exe	Delfin Media Viewer or "Promulgate" adware variant
X	dw	dw.exe	DownloadWare adware
N	DW4	Weather.exe	Desktop Weather
N	DW4	DesktopWeather.exe	Desktop Weather 4 by The Weather Channel - provides current temperature, conditions, alerts, etc
U	DWHeartbeatMonitor	DWHeartbeatMonitor.exe	DWHeartbeatMonitor.exe is installed alongside the Weather.com instant messaging utility. This is a non-essential process. Disabling or enabling this is down to user preference
N	DwlClient	support.exe	Download manager for Dell support alerts
Y	DWQueuedReporting	dwtrig20.exe	Related to System Event Notification Services from Microsoft. Required for Efficient Mobile Network Computing
N	dwStart	FireWall.exe	The Shield firewall from pcsecurityshield.com. Not recommended by some (see here) and there are better free alternatives out there such as Zone Alarm
X	DW_Start	rwwnw64d.exe	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware
X	Dx	sys.exe [ = random number]	Added by the DEXTER.A WORM!
X	Dx8compat	Dx8compat.exe	Added by the GEMA TROJAN!
X	dxdiag diagnose	msidxdia.exe	Added by a variant of the RBOT WORM!
X	dxdiags.exe	dxdiags.exe	Added by the CERTIF-G TROJAN!
X	DxDialog	dxdlg32.exe	Added by the VB-CXT TROJAN!
X	dxdll32	ntxdll.exe	Added by the GAOBOT.CPX WORM!
N	DXDllRegExe	dxdllreg.exe	Created when you select "Yes" to check the "WHQL Digital signatures" in the DirectX9 files at the first time you open it
X	DxLoad	DX3DRndr.exe	Added by the GIBE.B WORM!
N	DXM6Patch_981116	p_981116.exe	Win32 cabinet self extractor. More info here
X	dxmsrv	dxmsrv.exe	Added by an unidentified WORM or TROJAN!
X	Dxsty	Dxsty.exe	Added by the GEMA TROJAN!
X	Dxupdate.exe	Dxupdate.exe	Added by the MAFEG WORM!
X	dxvid	dxvid.exe	Added by Trojan-Downloader.Win32.Dluca.by TROJAN!
X	DyFuCA	optimize.exe	Adult content dialler - see here
X	DyFuCA Active Alert	actalert.exe	Adult content dialler - see here
X	Dynamic DHCP	dydhcp.exe	Added by the RINBOT.B TROJAN!
X	Dynamic Dns Binary	dynitora.exe	Added by the RBOT-WT WORM!
X	Dynamic Dns Binary	CMD16.EXE	Added by the RBOT-XM WORM!
X	Dynamic Dns Binary	winxp34.exe	Added by a variant of the RBOT WORM!
X	Dynamic Dns Binary	WinHelpcfn.exe	Added by a variant of the RBOT WORM!
X	Dynamic Link Library loader	Loader32.exe	Added by the KOL TROJAN!
U	DynDNS Updater	DynDNS.exe	Dynamic DNS IP address updater tool, used as a client for Dynamic DNS service providers such as http://www.DynDNS.org
N	DynDNS-Updater Traytool	ddutray.exe	DynDNS updater tray icon - allows easy configuration of the Dynamic DNSSM service. Can be run manually
X	DynHttp Dns Binary	dynizari.exe	Added by a variant of the RBOT WORM!
U	DynSite	DynSite.exe	DynSite - dynamic DNS client, also called an automatic IP updater
U	Dynu Basic Client	dynubas.exe	Dynu online dynamic IP update client. Useful when using a dial up modem
?	DZKillMe	DZSAVEME.EXE	??
U	D_V_T	dvt.exe	DICOM Validation Tool - "DICOM is increasingly being used as the standard communication mechanism when integrating various medical products in a hospital environment"
?	D_V_T	dvt.exe	Installation could be a crack/hack to NOD32 here. Seen and removed in many logs. Investigate it further and if this file is present C:d_v_t.reg then it should be fixed. Not to be confused with the DICOM entry here. Both files are located in the Windows/Windir directory
X	E-Card	ecard.exe	Added by the YODI WORM!
U	E-color	IconMgr.Exe	Sets the colour of your monitor when running games that recognise E-Color so that you get 'what the game designer intended' when you see the game. Also allows monitor callibration through a program called 3-Deep. If you play a lot of games it can be useful. Can be disabled from starting up from within the program
X	E-nrgyPlus	E-nrgyPlus.exe	Added by the Energyplus TRACKWARE! Tracks internet activity including websites visited and queries made at popular search engines. This information along with some system information is sent to a remote site
X	e-Surveiller Station	estation.exe	ESurveiller spyware. Note - ESurveiller is spyware that monitors and records keystrokes and mouse clicks, instant message conversations, Internet activity and applications used, must be manually installed
U	E06DXLRD_7604703	EDICT.EXE	Related to Microsoft Encarta dictionary functions
N	E6TaskPanel	TaskPanl.exe	Earthlink Task Panel - part of Earthlink TotalAccess 2003 internet access software. Quick access to internet, E-mail and web-space
N	EA Core	Core.exe	Electronic Arts EA Link software - "gives you a secure yet simple way to download EA PC games and patches, as well as other exclusive content"
U	eabconfg.cpl	EabServr.exe	Easy Access Buttons control panel on Compaq laptops. Only required if you use the extra keys
X	Eac Download	download.exe	Webcelerator from eAcceleration speeds your Web browsing by both remembering where you have been and anticipating where you will go. Only needed if you find it improves web browsing. Now no longer available and supported and when available was classed as spyware - see here
U	EACLEAN	eaclean.exe	For Compaq PC's. Easy Access button support for the keyboard
X	Eac_Cnry	canary.exe	Added by the CANARY TROJAN!
?	Eac_rnvdl	ANTIVIRUS_INSTALL.EXE	??
U	EanthologyApp	EANTHO~1.EXE	eAcceleration Stop-Sign security software related. Previously not recommended, see here
U	EanthologyApp	eanthology.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
U	eanthology_install.exe	eanthology_install.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
U	eanth_critical_update_alert	sys_alert.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
U	eanth_system_patcher	sys_alert.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
N	Eapcisetup	sbsetup.exe	Rockwell RipTide soundcard application software. Sound works without it
N	EAPCISETUP	wizard.exe	Part of the Creative Sounblaster PIC Installation Wizard. Probably left as a result of a failed installation
Y	Earthlink Protection Control Center	elnk_pcc.exe	EarthLink Protection Control Center - "powerful, integrated security program makes it easier than ever to protect yourself against viruses, spyware, and hackers-all from one convenient location"
N	EarthLink ToolBar 5.0	etoolbar.exe	EarthLink Toolbar is a tool to help you get to all of the resources of the internet. EarthLink 5.0 Setup adds a few basic buttons to the Toolbar, but you can delete these or add more buttons any time
U	Easy Key	easykey.exe	For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
N	Easy Start Button	esb.exe	Provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
U	Easy-PrintToolBox	BJPSMAIN.EXE	A utility to launch the applications that are bundled with a Canon bubblejet printer
X	EasyAV	EasyAV.exe	Added by the NETSKY.S or NETSKY.T WORMS!
X	EasyDates	EasyDates.exe	Premium rate adult content dialler
X	EasyDates_gb	EasyDates_gb.exe	"Edate-A" premium rate adult content dialler
X	EasyDates_nl	EasyDates_nl.exe	Adult content dialler
U	EasyKey	easykey.exe	For programming of the built-in functions keys on some laptops (and maybe desktops). Required if these are used
U	EasyKeyboardLogger	EasyKeyboardLogger.exe	EasyKeyLogger keystroke logger/monitoring program - remove unless you installed it yourself!
U	EasyLinkAdvisor	LinksysAgent.exe	Linksys EasyLink Advisor - "the free application that provides and easy way to setup, view, manage, and repair your network"
U	EasyMessage	em2.exe	Easy Messenger, instant messenger for MSN, AOL, ICQ, and Yahoo. See here
X	EasySearchBar	ESBUpdate.exe	EasySearchBar adware downloader
X	easyServ	Server.exe	Added by the EASYSERV TROJAN!
X	EasySpywareCleaner	EasySpywareCleaner.exe	EasySpywareCleaner spyware remover - not recommended, see here
U	EasySync Pro	XCPCMenu.exe	EasySync Pro is a Lotus (now owned by IBM) program for synchronizing a PDA with Lotus Notes
U	EasyTuneIII	EasyTune.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
U	EasyTuneIV	ET4Tray.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
U	EasyTuneV	GUI.exe	Tuning (overclocking) utility for Gigabyte motherboards. Shortcut available
X	easywww	easywww2.exe	Added by an unidentified VIRUS, WORM or TROJAN!
U	eAudio	eAudio.exe	Acer eAudio Management provides centralized control over notebook audio, and specialized audio modes for movies, music and games
X	EbatesMoeMoneyMaker	wjview ...Code	Ebates adware
X	EbatesMoeMoneyMaker0	EbatesMoeMoneyMaker0.exe	Ebates adware
X	eBay Toolbar	EBAYTBAR.EXE	eBay Toolbar - reportes as spyware as it "phones home"
U	eBayToolbar	eBayTBDaemon.exe	eBay toolabar related - also contains eBay account Guard which monitors for fraudulent eBay sites
X	ebmmm	ebatesmmmv.exe	Ebates adware
U	eBoard	Eboard.exe	eMachines multimedia keyboard manager. Required if you use the extra keys
N	eBot	DownloadWizard.exe	eBot from Digital River - "helps ensure your computer always has the latest technology, fixes, add-ons, upgrades and 'cool stuff'." Can optionally be installed with software such as Net Nanny internet filtering software. Available via Start -> Programs
U	EC21	EZQ.EXE	Related to EC21. "EC21 is the world?s largest B2B marketplace to facilitate online trades between exporters and importers from all around the world"
U	ECenter	gtb.exe	Dell E-Center/Google Toolbar related
N	ECenter	EULALauncher.exe	End User License Agreement (EULA) launcher - related to Dell E-Center/Google Toolbar
X	ecko	claro.exe	Added by the DLOADR-AQJ TROJAN!
?	ecpe	ECPE.EXE	??
U	eDataSecurity Loader	eDSloader.exe	Part of Acer Empowering Technology. "Acer eDataSecurity Management is a handy file encryption utility that protects files from being accessed by unauthorized persons, using passwords and advanced encryption algorithms"
N	edexter	edexter.exe	eDexter supplements internet filtering by substituting local images for filtered images in order to prevent browser stalls and other annoyances. Can be activated manually when starting the browser
X	editpad	editpad.exe	Added by the CONSPER-B TROJAN!
N	EDLoader	DTLoader.exe	Effective Desktop from MiniStars Software - desktop management software no longer being supported
U	eDonkey2000	edonkey2000.exe	File sharing network - not recommended as the free version of this application should be avoided as it installs, without permission, New.Net, Webhancer, WebSearch Toolbar and WinTools
U	EDRestore	??	Set Point from Easy Desk Software - "small utility that automatically sets System Restore points for WinME/XP"
X	educational writer	[random filename]	Added by the RBOT-LZ WORM!
U	Edwizard	Edwizard.exe	SafeGuard Easy - "provides total company-wide protection for sensitive information on laptops and workstations. Boot protection, pre-boot user authentication and hard disk encryption using powerful algorithms guarantee against unauthorized access and hacker attacks"
X	EDxMC110	Isass.exe	Added by the VB-NIA WORM!
X	Edzy AntiVirus	dppsfa.exe	Added by a variant of the RBOT WORM!
N	EEventManager	EEventManager.exe	Part of the Epson Creativity Suite supplied with their multi-function printer/scanners, Event Manager launches File Manager or PageManager for EPSON automatically when you press the B&W Start or Color Start button on the control panel in Scan mode
X	Efata	[random 5 characters].exe	Added by the FLUKAN-D WORM!
U	eFax 4.2	J2GDllCmd.exe	eFax Messenger fax software
U	eFax DllCmd	J2GDllCmd.exe	eFax Messenger fax software
N	eFax Tray Menu	HotTray.exe	eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here
U	eFax Tray Menu	J2GTray.exe	eFax Messenger fax software tray menu
N	eFax.com Tray Menu	HotTray.exe	eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here
X	efaxs lptt01	efaxs.exe	RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	efaxs ml097e	efaxs.exe	RapidBlaster variant (in a "efaxs" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
U	EFI Hot Folders	hffw.exe	"EFI Hot Folders improves productivity by simplifying the printing of PostScript and PDF files into a select, drag, and drop process. Once users create Hot Folders with different printing and finishing parameters, files are printed without opening an application or print driver menu." Part of EFI's high-end printing solutions
U	EFI Job Monitor	[path] efjm.dll,run	Ricoh Imagio Printer/Scanner driver status monitor
U	Efpap.exe	Efpap.exe	Easy File & Folder Protector. Deny access to certain files and folders, or to hide them securely from viewing and searching
U	egui	egui.exe	User interface for ESET NOD32 Antivirus and Smart Security
X	ehSched	ehSched.exe	Added by the SDBOT-DHF WORM!
U	ehTray	ehtray.exe	Microsoft Media Center Tray Icon gives easy access to the digital media manager for Windows Vista Home Premium and Media Center Edition
X	ei10.exe	ei10.exe	Added http://www.sophos.com/security/analyses/viruses-and-spyware/w32agobotnk.html" target=_blank>AGOBOT-NK WORM!
U	Eicon NetworksLAN_DAEMON	watch.exe	Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
U	Eicon TechnologyLAN_DAEMON	watch.exe	Associated with an Eicon Networks ISDN or ADSL modem. Watch protocols your connection with numbers and duration. You need callvu.exe (from Start Menu) to see your connection statistics. You can manually start watch.exe before you go online. Needs diinfo.exe (started by DiTask) to work correctly which can be started manually
X	eixfi	china.bat	Added by the WCUP.A WORM!
U	Elbycheck	ElbyCheck.exe	From Elaborate Bytes who make CloneCD - monitors the installed filters of CD-ROMs/DVD-ROMs. Note - under Win2K removing this from startup causes the CD drive in the computer to not be recognized in the OS and after rechecking it prompts that the driver has been corrupted and asks you to restart the computer to fix it
U	Electron Microscope	EMIII.exe	Electron Microscope or EM - is a program used to track Stanford's distributed computing program client called Folding at Home, FAH. It will monitor up to 50 clients and give you the details about each client's progress as the FAH client runs. EM will also show you what each change in the protein looks like as the process continues
X	Element	Element.txt	Added by the ELEM TROJAN!
X	element furth	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
X	elitemedia	elitemediapop.exe	Added by the LOWZONE-BB TROJAN! Also known as Elitebar/EliteToolbar/EliteSidebar adware
N	elm	Elmenv.exe	ViaTech eLicense for securing, distributing and selling music online
X	ELNKProxy	smproxy.exe	Surfmonkey adware
U	ELSA WINman Suite	Winmsuit.exe	Allows you to totally customize your ELSA graphics card settings, including overclocking the GPU
Y	ElsaCapiCtl	Rcapi.exe	Assumed to stand for Remote Common Application Programming Interface (RCAPI), this was installed with an Elsa Microlink ISDN modem. If it is not there you can not bring up the dialog box which is sometimes needed to reset the modem
U	ELSAChipGuard	elsavect.exe	ChipGuard for ELSA graphics cards - monitoring solution which monitors both the GPU temperature and fan speed, and will halt the system if either are at dangerous levels and restore the default clock speeds upon reboot. Leave enabled if overclocking
U	ELSBLaunch	ELSBLaunch.exe	EarthLink SpamBlocker
N	EMA.exe	EMA.EXE	Time management system which helps you to manage your time and appointments
U	eMachines eBoard	Eboard.exe	eMachines multimedia keyboard manager. Required if you use the extra keys
Y	Email Protection	emlproxy.exe	AntiVirus Quick Heal - E-mail protection
Y	EmailScan	mcvsescn.exe	Related to McAfee AntiVirus suite - used to automatically scan incoming e-mails
X	eMakeSV	EMAKESV.EXE	"Switch" adult content dialer
X	eMakeSV	EMAKE2B.EXE	"Switch" adult content dialer
U	EMBASSY Trust Suite Secure Update	AutoUpdate.exe	Updates for Wave Systems Corp. Embassy Trust Suite - "delivers advanced levels of security to the client PC using the TPM security chip found on most enterprise PCs today"
X	eMCryT Sh3ars Panagers	[path to worm]	Added by the RBOT-AWI WORM!
U	EMMeter	EMMeter.exe	"Express Meter provides detailed information about how your software assets are being used. With Express Meter you can monitor application usage, identify software usage patterns, and control application launches?all of which can help you make better decisions about your IT investments"
X	emoc0re	emo.exe	Added by the AGOBOT-AGE WORM!
U	emoze	emoze.exe	emoze pcConnector - "Push your personal & business emails, contacts & calendar directly to your mobile device!"
X	empin	e121307.exe	Delfin Media Viewer adware related
X	empin	e121307.Stub.exe	Delfin Media Viewer adware related
U	Empowering Technology Launcher	eAPLauncher.exe	Empowering Technology Launcher, installed on Acer computer
X	emsw.exe	emsw.exe	Attune HelpExpress - spyware. Disable and uninstall - see here
X	emule	emule.exe	Added by the RBOT-ALZ WORM!
N	eMule	emule.exe	eMule peer-to-peer file sharing client. Located in an eMule subdirectory of the Program Files directory
N	eMusicClient Systray	eMusicClient.exe	eMusic MP3 download software
U	EM_EXEC	EM_EXEC.EXE	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
N	EN4060C Taskbar	en4060ct.exe	Comes with Efficient Networks DSL Modems. Little red/green/yellow flashing icon in system tray
X	enBrowser	[name of file]	WINBO adware
?	encapsulated command tool	wintr.com	??
N	Encarta Dictionary Quickshelf	QSHLFED.EXE	Provides quick access to Encarta's Dictionary features?
N	ENCMONITOR	monitor.exe	The Encompass Monitor. This program is the Connect Direct Program. It is more trouble than it is worth and few use it
N	Encoder Agent	WMENCAGT.EXE	MS Windows Media Encoder, which already has a shortcut in the Start Menu if installed
U	Encompass_ENCMONTR	ENCMONTR.EXE	Optional simple browser from Yahoo (Encompass)
?	ENCSurf	surfboard.exe	??
N	Energizer FileSaver	Energizer FileSaver.exe	Energizer FileSaver - UPS back-up utility for Energizer UPS products. From their Tech Support staff this is known to have a memory leak since it's release - with no fix planned! It will grab 2-5 handles per second and crash the average system in less than 3 days - therefore not recommended
X	EnergyPlugIn	EnergyPlugin.exe	EnergyPlugin adware variant
U	enginecs2	enginecs2.exe	Cyber Sentinel - internet filtering software
Y	EngUtil	EngUtil.exe	Part of Roxio EasyCD Creator 6.0 - corrects any modification made to the Roxio Engine, it exits after checking
X	Enh Win Updt	enhupdt.exe	Adware - detected by Kaspersky as the ONECLICKNETSEARCH.H TROJAN!
X	enhance32	enhance32.exe	Added by the CRYPTER.A TROJAN!
N	EnigmaPopupStop	EnigmaPopupStop.exe	Part of Enigma SpyHunter - not recommended, see note
?	ENSApServer2_0	APSERVER.EXE	Intel AnyPoint Wireless II Home Network related. Now discontinued. What does it do and is it required?
?	ENSMIX32.EXE	ENSMIX32.EXE	Sound card driver. Is it required?
U	EnsoniqMixer	starter.exe	Puts the Ensoniq mixer in system tray. From Ensoniq Technologies "Our mixer is a critical part of the soundcard as it fixes sound problems and replaces the MS mixer which can no longer be used". If you find you don't need it - try one of the solutions on this special page. Similar to Creative PCI Audio Configuration Utility
U	Entbloess 2	Entbloess2.exe	Related to Window-Switcher (now Reflex Vision) - it allows you to see previews of all your open applications via a single keystroke in a manner similar to Apple's Expos?, for Windows 2K/XP
U	Enterra Icon Keeper	IcnKeepr.exe	Icon Keeper - "tool to save and restore icon positions on the desktop"
X	Enumerate Service	wsys.exe	Added by the MANIFEST TROJAN!
Y	EnvyHFCPL	EnMixCPL.exe	VIA Envy24 PCI Audio Controller driver
U	eonemng	eOneMng.exe	eOne Manager, provides access to the buttons on the keyboard and on the front of the console for the eMachines eOne PC
U	EOUApp	EOUWiz.exe	Intel ProSET Wireless related - provides additional configuration options for these devices
U	EOUWiz	EOUWiz.exe	Intel ProSET Wireless related - provides additional configuration options for these devices
U	EPM-DM	epm-dm.exe	Device Manager - part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
U	ePowerManagement	ePM.exe	Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
U	ePower_DMC	ePower_DMC.exe	Part of Acer Empowering Technology. "Acer ePower Management is a straightforward interface that allows users to select from pre-configured power usage profiles, or to create their own customized profiles"
U	EPoXUSDM	USDM.EXE	EPoX Universal Serial Data Monitor - a diagnostics tool that shows Temps, Fan Speeds, Voltages...etc
N	ePrint 3.0 Service	EPRINT3.EXE	LEADTOOLS ePrint file conversion software - "convert any file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT, Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
N	ePrint 4.0 Service	EPRINT4.EXE	A component of the "LEADTOOLS ePrint File Conversion Software - Convert ANY file to and from over 150 document and image formats including searchable PDF, DOC, HTML, TXT , Multi-page TIFF, JPG, GIF, PNG and many more!" Can be started manually
U	ePrompter	ePrompter.exe	ePrompter - E-mail notification software
N	EPS	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPS	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Background Monitor	STMS.EXE	Supposed to keep an Epson printer ready for quick printing. Users report little difference whether it is on or not
U	EPSON CardMonitor	EPSON CardMonitor1.0.exe	Monitors the PCMCIA memory card slot on EPSON cameras and printers and launches PhotoStarter or PhotoPrint
N	EPSON Status Monitor 3 Environment Check	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check 2	e_srcv03.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
N	EPSON Status Monitor 3 Environment Check 2	e_srcv02.exe	According to the Epson info: "Use this utility to automatically check for errors and also check the level of ink remaining." This utility can also be started on demand when about to print as follows: File menu > Print to bring up the print dialog box. Click on the Properties button which will bring up a display with 4 tabs. Click the Utility tab to get a list of utilities that can be executed including the Status Monitor 3 Environment Check
U	EPSON Stylus C40 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C40 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C41 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C41 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C42 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C42 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C43 Series	E_S08IC1.EXE	Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C43 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C43 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C44 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C45 Series	E_S4I3T1.EXE	Epson Status Monitor 3 for the Stylus C45 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C46 Series	E_S4I0T1.EXE	Epson Status Monitor 3 for the Stylus C46 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C60 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C60 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C61 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C61 Series printer - for monitoring printer status, checking ink levels, etc
U	Epson Stylus C62 Series	E-S0BIC1.EXE	Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C62 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C62 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C63 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C63 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C64 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C64 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C66 Series	E_S4I0S2.EXE	Epson Status Monitor 3 for the Stylus C66 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C67 Series	E_FATIAAL.EXE	Epson Status Monitor 3 for the Stylus C67 Series printer - for monitoring printer status, checking ink levels, etc
U	Epson Stylus C82 Series	E_S0HIC1.EXE	Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C82 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C82 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C84 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C84 Series	E_S4I2D1.EXE	Epson Status Monitor 3 for the Stylus C84 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus C87 Series	E_FATIABL.EXE	Epson Status Monitor 3 for the Stylus C87 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX2900 Series	E_FATIBFP.EXE	Epson Status Monitor 3 for the Stylus CX2900 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX3200	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX3600 Series	E_FATI9BE.EXE	Epson Status Monitor 3 for the Stylus CX3600 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX3800 Series	E_FATIACA.EXE	Epson Status Monitor 3 for the Stylus CX3800 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX4200 Series	E_FATIAEA.EXE	Epson Status Monitor 3 for the Stylus CX4200 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX4500 Series	E_FATI9AP.EXE	Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX5400	E_S4I2G1.EXE	Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX6000 Series	E_FATIBIA.EXE	Epson Status Monitor 3 for the Stylus CX6000 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX6500 Series	E_FATI9EP.EXE	Epson Stylus CX6500 Series printer monitor - for checking ink levels, etc
U	EPSON Stylus CX6600 Series	E_FATI9EE.EXE	Epson Status Monitor 3 for the Stylus CX6600 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX7000F Series	E_FATIBKA.EXE	Epson Status Monitor 3 for the Stylus CX7000F Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX7800 Series	E_FATIAFA.EXE	Epson Status Monitor 3 for the Stylus CX7800 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus CX8400 Series	E_FATICEA.EXE	Epson Status Monitor 3 for the Stylus CX8400 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus D68 Series	E_FATIAAE.EXE	Epson Status Monitor 3 for the Stylus D68 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus D78 Series	E_FATIBGE.EXE	Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus D88 Series	E_FATIABE.EXE	Epson Status Monitor 3 for the Stylus D88 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX3800 Series	E_FATIACE.EXE	Epson Status Monitor 3 for the Stylus DX3800 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX4000 Series	E_FATIBEE.EXE	Epson Status Monitor 3 for the Stylus DX4000 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX4400 Series	E_FATICAE.EXE	Epson Status Monitor 3 for the Stylus DX4400 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX4800 Series	E_FATIADE.EXE	Epson Status Monitor 3 for the Stylus DX4800 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX5000 Series	E_FATIBVE.EXE	Epson Status Monitor 3 for the Stylus DX5000 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX6000 Series	E_FATIBIE.EXE	Epson Status Monitor 3 for the Stylus DX6000 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus DX8400 Series	E_FATICEE.EXE	Epson Status Monitor 3 for the Stylus DX8400 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo 2200	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Photo 2200 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo 825	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Photo 825 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo 925	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Photo 925 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R1800	E_FATI9LA.EXE	Epson Status Monitor 3 for the Stylus Photo R1800 printer - for monitoring printer status, checking ink levels, etc, etc
U	EPSON Stylus Photo R200 Series	E_S4I0H2.EXE	Epson Status Monitor 3 for the Stylus Photo R200 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R220 Series	E_S6I2I1.EXE	Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R220 Series	E_FATIAIE.EXE	Epson Status Monitor 3 for the Stylus Photo R220 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R240 Series	E_FATIAHE.EXE	Epson Status Monitor 3 for the Stylus Photo R240 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R260 Series	E_FATIBNA.EXE	Epson Status Monitor 3 for the Stylus Photo R260 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R300 Series	E_S4I2F1.EXE	Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R300 Series	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R320 Series	E_FATI9FA.EXE	Epson Status Monitor 3 for the Stylus CX4500 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo R380 Series	E_FATIBOA.EXE	Epson Status Monitor 3 for the Stylus Photo R380 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo RX420 Series	E_FATI9CE.EXE	Epson Status Monitor 3 for the Stylus Photo RX420 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo RX430 Series	E_FATI9CP.EXE	Epson Status Monitor 3 for the Stylus Photo R320 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo RX500	E_S4I2K1.EXE	Epson Status Monitor 3 for the Stylus Photo RX500 Series printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Photo RX600	E_S4I2M1.EXE	Epson Status Monitor 3 for the Stylus Photo RX600 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Pro 4000	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Pro 4000 printer - for monitoring printer status, checking ink levels, etc
U	EPSON Stylus Pro 7600	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus Pro 7600 printer - for monitoring printer status, checking ink levels, etc
U	EpsonPhotoStarter	EPSON_PhotoStarter.exe	Only needed if you want to make full use of the capabilities of an Epson printer that included this
X	Eptr	nopdb.exe	Added by an unidentified WORM or TROJAN!
X	EQAdvice	EQAdvice.exe	NewAds1 adware
U	EQArticle	EQArticle.exe	EQArticle adware
?	Equipmen	Equipmen.exe	??
U	Eraser	eraser.exe	Eraser allows for complete removal of data from your hard drive
U	eRecoveryService	check.exe	Acer Notebook related. Acer eRecovery allows the user to restore the operating system or backup the current system profile, thus ensuring system integrity
U	eRecoveryService	Monitor.exe	Part of Acer Empowering Technology. "Acer eRecovery Management is a powerful utility that does away with the need for recovery disks provided by the manufacturer, and also acts as a versatile standalone backup and recovery manager"
U	eRecoveryService	eRAgent.exe	Acer's eRecovery Management program. This program allows you to create and restore backups of your computer
N	EReg	reg32.exe	EReg is a software registration tool incorporated on products such as those by Br?derbund, Connectix, Hewlett-Packard, The Learning Company, and Sierra. Needless to say you don't need it
X	erfgddfk	wind2ll2.exe	Added by the BEAGLE.CQ WORM!
X	erghgjhgdr	windlhhl.exe	Added by the BEAGLE.BG WORM!
X	erghgjhjgdr	windlhhl.exe	Added by the BEAGLE.BG or BEAGLE.BH or BEAGLE.BI or BEAGLE.BJ WORMS!
?	erm	erm.exe	??
X	eros.exe	eros.exe	Adult content dailler
X	ErrClean	SysRep.exe	ErrClean misleading security software - not recommended, see here
N	Error Nuker	ErrorNuker.exe	ErrorNuker registry cleaner - only required if you want the application to run a scan at startup. The program can be launched manually if required
X	Error Safe	ers.exe	ErrorSafe misleading security software - not recommended, see here
X	ErrorGuard	ErrorGuard.exe	Spyware remover - not recommended, see here
X	errorhandler	errorhandler.exe	ErrorHandler adware
X	ERS	ers_startupmon.exe	ErrorSafe misleading security software - not recommended, see here
X	erscw	erscw.exe	ErrorSafe misleading security software - not recommended, see here
X	ERS_check	ers_startupmon.exe	ErrorSafe misleading security software - not recommended, see here
X	erthegdr	windll2.exe	Added by the BEAGLE.CG WORM!
X	erthgdr	windll.exe	Added by the BEAGLE.AO or BEAGLE.AQ WORMS!
X	erthgdr	svc.exe	Added by the BEAGLE.BN or BEAGLE.BP WORM!
X	erthgdr2	svc23.exe	Added by the BAGLE.CG WORM!
?	ERTS0749	ERTS0749.exe	IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?
U	ERUNT AutoBackup	AUTOBACK.EXE	ERUNT backup utility - when added to the user's startup folder automatically backs up the registry each time the system boots, resulting in numerous backups that can be restored
X	erwghjjrjt	ucbcg.exe	Added by the SMALL.CUL TROJAN!
Y	eSafe Protect	ESPWatch.exe	eSafe from Aladdin - internet security for gateway and E-mail servers
U	ESB	esb.exe	Easy Start Button - provides functionality on certain laptops that have additional keys. Not required unless you use the extra keys
Y	eScan Monitor	AVKWCTL9X.EXE	MicroWorld eScan antivirus
U	eScan Scheduler	avkserv.exe	MicroWorld eScan antivirus scheduler
U	eScan Updater	Trayicos.exe	MicroWorld eScan antivirus updater - allows users to automatically download updates and set the auto time interval for downloads
X	EScorcher	escorcher.exe	Part of eScorcher anti-virus software - responsible for performing virus checks and deletions. Used to collect information about the user and therefore treated as spyware - now the web-site is dead
N	ESFTP	esftp.exe	ESftp - FTP client for transfering files between a local PC and another remote computer
U	eSnips	ClientGW.exe	eSnips Client Gateway from eSnips
X	Esoh	Esoh123.exe	Added by the AGOBOT.FF WORM!
X	Especial	Deneca.bat	Added by the DELUZ VIRUS!
N	ESPN BottomLine	bline.exe	ESPN BottomLine. "You can dock the BottomLine to the top or bottom of your screen or drag it around on your desktop, without even worrying about a browser. As long you keep the BottomLine running, you will continue to receive live scores and breaking news, and by clicking on any score or news item, you will be taken directly to the corresponding page on ESPN.com for a full break down."
?	ESS Daemon	Essd.exe	Related to an ESS based soundacard. Is it required?
?	essapm	essapm.exe	ESS Solo soundcard driver. Is it required?
Y	Essdc	essdc.exe	Related to an ESS Solo soundcard. Seems as though it's required
?	ESSNDSYS	ESSNDSYS.EXE	Related to an ESS based soundacard. Is it required?
Y	ESSOLO	ESSOLO.exe	Sound card driver that re-instates itself every time it's removed
Y	esspk	esspk.exe	ESS Technology modem speaker driver file. Required to get on-line with this modem
U	EssSpkPhone	essspk.exe	ESS Technologies Call waiting, which gets installed by the drivers for V92 modems based on ESS Technologies chipsets
?	eSupInit	eSupCmd.exe	Related to SupportSoft (aka Support.com) "Real-Time Service Management software". What does it do and is it required?
X	ETB Tester	etbtest.exe	Added by the RBOT-ABR WORM!
X	etbrun	elit**32.exe [ = random char]	EliteBar adware
U	eTCertManger	eTCrtMng.exe	eToken Certificate Manager from Aladdin Knowledge Systems, Inc. A USB-based authentication, providing strong user authentication and password management solutions
N	Ethernet	tcaudiag.exe	3Com NIC Installation/Diagnostic MFC application. Diagnostics may be run from the Start -> Programs
X	ethernet	airftp.exe	Added by a variant of the SDBOT WORM!
X	ethernet	msnger.exe	Added by a variant of the SDBOT WORM!
X	ethernet	msftp.exe	Added by the SDBOT.BXJ WORM!
X	ethernet adapter	csrmss.exe	Added by a variant of the RBOT WORM!
X	Ethernet Driver	cmsrrs.exe	Added by a variant of the RBOT WORM!
X	Ethernet Drivers	smrrs.exe	Added by the RBOT-AAK WORM!
X	Ethernet Drivers	ethernet.exe	Added by the GAOBOT.CEZ WORM!
X	Ethernet Linking	ethernet.exe	Added by a variant of the IRCBOT TROJAN!
X	Etraffic	JavaRun.exe	TopMoxie adware
Y	eTrust EZ Firewall	efpeadm.exe	eTrust EZ Firewall
U	eTrust PestPatrol Active Protection	PPActiveDetection.exe	PestPatrol real-time protection feature. "Stops spyware before it infects your system"
X	eTrust Realtime Monitor	realmon.exe	Added by the LAZAR.B TROJAN!
Y	eTrustCIPE	ezdsmain.exe	eTrust EZ Deskshield from Computer Associates. Protects against malicious email attachments and unauthorized use of email by detecting and blocking unusual behavior
X	eTunnel	winfw.exe	Added by an unidentified TROJAN!
U	Eudora	Eudora.exe	Eudora from Qualcomm allows you to receive and send Internet e-mails
X	EUP Service	eupsvc.exe	Added by the DELBOT-Q WORM!
U	EuroGlot	EuroGlot.exe	Euroglot - "multilanguage translating system, available in the languages Dutch, English, French, German, Spanish and Italian"
?	Event Log	eventlog.exe	??
N	Event Planner Reminders	PLNRnote.exe	Sierra Event Planner tray icon
N	Event Reminder	pmremind.exe	A calendar/alarm program that installs with Br?derbund Printmaster
X	EventApplicationCmd	smschk.exe	Added by the IRCBOT-AO TROJAN!
U	EVENTLISTENER	EvLstnr.exe	Used with a Nikon digital camera to recognize when the camera is plugged in
N	eventmgr	eventmgr.exe	Used with a Microtek scanner. Manages the scanner's button events. Available via Start -> Programs
X	eventwvr	eventwvr.exe	Added by the COSIAM_G TROJAN!
?	EverioService	EverioService.exe	Related to the Cyberlink software supplied with JVC's Everio camcorders. What does it do and is it required?
U	Evidence Cleaner	ecleaner.exe	Evidence Cleaner cleans up tracks left by your PC and Internet activities
N	Evidence Eliminator	ee.exe	Evidence Eliminator - cover the tracks of your browsing habits and E-mails if you think you need to. Run manually on a regular basis
X	Evil	Evil.exe	Added by the MYTOB.JM WORM!
N	evntsvc	evntsc.exe	Application Scheduler installed along with RealOne Player. Once installed, it runs independently of RealOne Player. See here for more information, including how to disable it. Also see evntsvc and Realsched. Note that eventsvc.exe no longer appears to be in a newer version. To disable "tkbell.exe" in the new version (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
U	EVOLOSTA	EVOLOSTA.EXE	Evolo Status Monitor for wireless network cards. Allows a user to enter a specific access-point mode SSID, peer-to-peer mode channel, link speed, WEP encryption options, and has enable/disable and rescan buttons. It is not needed if using Windows XP or higher, as they have this built-in to the control panel. Also, if the user is very sure that there is ONLY ONE network available to connect to, then they can remove this. If it is not in startup, and the user needs to run it, they can simply type EVOLOSTA in the Start -> Run dialog to run it
U	Evoluent Mouse Manager	EvoMouExec.exe	Mouse manager for Evoluent VertcialMouse
X	EvtHtm	evthtm.exe	Premium rate adult content dialler
U	EW Message Server	msg32.exe	Conexant (older versions are Brooktree) Wavestream Message Server - associated with Conexant based audio devices
N	eWare Startup	iWareStart.exe	eWare iWare task bar. Not required
X	ewupdater	ewupdater.exe	EasyWebSearch adware updater
X	example	[random filename].exe	Added by the NUCLEAR TROJAN! Note - this trojan file is found in the WindowsNR or WinntNR folder
N	Excite Platform	Exlaunch.exe	Loads an Icon in the startup tray that allows you to receive service update notices for Excite@Home if you desire (note that since Excite@Home appears to be winding down this becomes irrelevant). May also allow you to kill the Excite Toolbar that automatically loads in Internet Explorer
?	Excite Private Messenger Pipe	x8impipe.exe	??
N	ExciteAssistantEXE	ASSISTANT.EXE	With Excite Assistant, you can access a wide variety of online information, including email, news, and stock quotes without having to have a browser window open
X	exdl.exe	exdl.exe	BargainBuddy foistware
X	exe lptt01	exe.exe	RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	exe ml097e	exe.exe	RapidBlaster variant (in a "Exe" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	execfg4	execfg4.exe	Added by the ELECTRON WORM!
X	ExecUser	ExecUser.exe	Added by a variant of the RBOT WORM!
?	Execute	delfolders.exe	??
X	ExeName32	Warm.scr	Added by the SCOLD WORM!
X	ExFilter	Rundll32.exe [path] cdnspie.dll, ExecFilter	CNNIC Update pest
?	exgiwsl	exgiwsl.exe	??
U	Exif Launcher	Exiflaquickdcr.exe	USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
U	Exif Launcher	QuickDCF.exe	USB mass storage driver used by some digital cameras such as the Fuji Finepix. Only required if you use it regularly
U	ExitKiller	Ekiller.exe	Exit Killer - automatically closes pop-up windows in your browser
?	exmon	hpimoniter.exe	Some kind of hp digital camera maybe or a photo smart connection probe?
X	Exn	exn.exe	Added by the IRCBOT.RJ WORM!
X	expcrt	[random filename]	Added by a variant of the SLAPER TROJAN!
X	ExpertAntivirus	ExpertAntivirus.EXE	ExpertAntiVirus misleading antivirus program - not recommended, see here
X	EXPL0RE.EXE	EXPL0RE.EXE	Added by the POPNO-A TROJAN! Note that the filename is spelled using the digit "0" instead of the uppercase letter "o"
X	Expl0rer soft	expl0rer.pif	Added by the RBOT-AQR WORM!
X	expler	Updadv.exe	Added by the QQPASS-N TROJAN!
X	Explkw	expup.exe	Keywords hijacker
X	explord.exe	explord.exe	Added by the DLOADR-AYW TROJAN!
X	explore	explore.exe	Added by any number of VIRUSES, WORMS or TROJANS!
X	Explore	Explorer.exe	Added by the IRC.FLOOD.G TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually!
X	Explore	explore.exe	Adult content dialler
X	explore manager	explore.exe	Added by the DONBOMB.A TROJAN!
X	explore.exe	Explore.exe	Added by the GRAYBIRD.G TROJAN!
X	exploreff.exe	exploreff.exe	Added by the FINFANSE TROJAN!
U	explorer	explorer.exe	Starts Windows Explorer. Unless this has been manually added to startups or added by another program it could be a virus such as PE_BISTRO or DVLDR or MYDOOM.C. Note that it is also not the explorer.exe task/service you'll see when via CTRL+ALT+DEL
X	explorer	wscript.exe [filename]	Sneaky way to start any VBS script. Many viruses use VBS files. Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted
X	Explorer	shellexpl.exe	Added by the SHELDOR TROJAN!
X	explorer	expl32.exe	Added by the RATSOU TROJAN!
X	Explorer	[path to worm]	Added by the AUTEX WORM!
X	Explorer	shellexp.exe	Added by a variant of the SHELDOR TROJAN!
X	EXPLORER	EXPL0RER.EXE	Added by the BEASTDO-Y TROJAN! Note the "0" in the filename rather than upper case "o"
X	EXPLORER	sys.exe	Added by the SILLYFDC-A TROJAN!
X	Explorer	config_.com	Added by the FLOPPY-D WORM!
X	Explorer	drv.exe	Added by the SMALL-FD TROJAN!
X	explorer	[path to trojan]	Added by the AGENT-EU TROJAN!
X	explorer	explorer.exe	Added by the KEYLOG-AK TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "service" subfolder of the System folder
X	EXPLORER	EXPLORER.exe	Added by the NETHIEF-P TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "SHELLEXT" subfolder of the System folder
X	explorer	explorer.exe	Added by the BLOCKEY-A TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in a "config" subfolder of the System folder
X	explorer	Yinstall.exe	PurityScan/Clickspring adware
X	Explorer	Windows Explorer.exe	Added by the SILLYFDC-I WORM!
X	Explorer	explorar.vbs	Added by the DESKTO-A WORM!
X	Explorer Loader	explr32.exe	Added by the AGOBOT.N WORM!
X	Explorer Loader	explorerl.exe	Added by the SDBOT-ADI WORM!
X	Explorer lptt01	explorer.exe	RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
X	EXPLORER MICROSOFT SYSTEM	explore.exe	Added by a variant of the RBOT WORM!
X	Explorer ml097e	explorer.exe	RapidBlaster variant (in a "explorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here.Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
X	Explorer soft	explorer.pif	Added by the RBOT-APK WORM!
X	Explorer soft	explorer.com	Added by the RBOT-ARM WORM!
X	Explorer Updater	IEXPLORE.exe	Added by the SDBOT-WO WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	explorer.exe	explorer.exe	Added by the AGENT-EW or PWS-CY TROJANS! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	explorer.exe	explorer.exe	Added by the DELF-ACL TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
X	Explorer32	Expl32.exe	Added by the HACKTACK.B TROJAN!
X	Explorer32	explorer6s4.exe	Added by the Downloader.Win32.Small.biq TROJAN!
X	Explorer32	efsdfgxg.exe	Added by the CLICKER-Y TROJAN!
X	Explorer6.1.EXE	Explorer.exe	Added by the MYDOOM.B WORM!
X	ExploreUpdSched	[random filename]	ZenoSearch adware
X	ExploreUpdSched	ncntnkwd.exe	Identified as a variant of the AdWare.Win32.ZenoSearch.am malware
X	exporet	winset.exe	Added by the QQPASS-I TROJAN!
U	Express ClickYes	ClickYes.exe	"Express ClickYes is a handy tool that runs in the system tray automatically clicks the Yes button for the Outlook Security security prompt, that asks you to confirm mail sending from third party applications"
U	Exshow95	EXSHOW95.exe	Support software for some of the Kensington mice. Provides access to extra features like those available with enhanced Logitech and MS devices
N	Extender Resource Monitor	RMSysTry.exe	Related to Windows Media Center from Microsoft
X	External Dependencies	External.exe	Added by the MYTOB.EC WORM!
U	ExtraDNS	ExtraDNS.exe	ExtraDNS - DNS configuration tool
?	Extranet AutoDial	AutoExt.exe	Nortel Networks Contivity Extranet Switching Software
?	ExxtremeHelperDemon	exxdemon.exe	Creative Exxtreme graphics card related?
N	Eye Tide Launcher	oneeyetideone.exe	Nascar wallpaper
X	EYORE	Notepad.scr	Added by the GIMLET-A WORM!
Y	EZ Firewall	ca.exe	eTrust EZ Armor Internet Security
N	ezagent	ezagent.exe	EzVCR recording software for the ASUS TV FM card. Available via Start -> Programs
N	EzButton	EzButton.EXE	EZbutton is a quick launcher for the Media player app that comes with certain laptops
N	EZDesk	EZDESK.EXE	Utility that remembers icon locations for each user and resolution. Available here
N	EzEjMnAp	EzEjMnAp.exe	For IBM Thinkpad Notebooks. Quote: "The IBM ThinkPad EasyEject Utility makes removing multiple devices from your computer faster and easier by enabling you to stop more than one device at once, rather than stopping each device individually". Available via Start -> Programs
X	eZmmod	mmod.exe	eZula TopText adware
?	EZNORUN	EZNORUN.EXE	Easy Internet related?
N	EzPrint	ezprint.exe	Lexmark Fast Pics - helps users of their printers to enhance, print and manage their photos quickly and easily
Y	ezPS_Px	ezSP_PxEngine.exe	Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Y	ezPS_Px	ezSP_Px.exe	Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Y	ezShieldProtector for Px	ezSP_Px.exe	Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
Y	ezShieldProtector for Px	ezSP_PxEngine.exe	Engine that allows PrimoDVD from Veritas (was Prassi) and Drag'n Drop CD from Easy Systems (and maybe others) to record and protects against other software overwriting the settings
U	EZSMART App	ezsmart.exe	EZ-S.M.A.R.T. hard drive monitoring software from StorageSoft - appears to be no longer supported
X	ezula	eZmmod.exe	eZula TopText adware
X	eZulaMain	eZulaMain.exe	eZula TopText adware
X	eZuluMain	eZuluMain.exe	Comes with "KaZaA" installation. Advertising Spyware. Not required but KaZaA won't work
X	eZWO	wo.exe	eZula TopText adware
U	E_S10IC2	E_S10IC2.EXE	Epson Status Monitor 3 for the Stylus C44 Series printer - for monitoring printer status, checking ink levels, etc
U	E_S23	E_SICN03.exe	Epson printer status monitor - for checking ink levels, etc.
U	E_S4I2F1	E_S4I2F1.EXE	Epson Status Monitor 3 for the Stylus Photo R300 Series printer - for monitoring printer status, checking ink levels, etc
N	E_S4I2G1	E_S4I2G1.EXE	Epson Status Monitor 3 for the Stylus CX5400 printer - for monitoring printer status, checking ink levels, etc
U	E_SOEIC1	E_SOEIC1.exe	Epson Status Monitor 3 - for monitoring printer status, checking ink levels, etc
U	F-PROT Antivirus Tray application	FProtTray.exe	System Tray access to F-PROT Antivirus
X	F-Secure 2005	svchost.exe	Added by the BIFROSE-CH TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Y	F-Secure 2006	fspex.exe	F-Secure Anti-Virus automatic updater
U	F-Secure Management Agent	FSMA32.EXE	F-Secure antivirus - F-Secure Policy Manager provides tools for administering F-Secure software products
Y	F-Secure Manager	FSM32.EXE	F-Secure antivirus - carry out scheduled virus scans automatically
Y	F-Secure Startup Wizard	FSSW.EXE	F-Secure antivirus
Y	F-Secure TNB	TNBUtil.exe	F-Secure antivirus
Y	F-StopW	F-StopW.exe	F-Prot anti-virus background scanner by F-Risk Software
U	f1Tray.exe	F1TRAY.EXE	System Tray icon for FusionOne's MightyPhone software. "MightyPhone is a concept for wirelessly synchronizing the data on your mobile phone with your web-based or PC based organizer"
?	f23mxins	f23mxins	Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?
X	f607	f607.exe	Added by the URAT.B TROJAN!
X	f73cdc8ee94e	btsendto.exe	Associated with mysearchnow.com/searchbar.html
X	f94mggfhfghodftdf	[path to trojan]	Added by the SMALL.JHZ TROJAN!
U	FamilyKeyLogger	cisvc.exe	Family Keylogger is a program that lets you record to a special file and then view all the keystrokes typed by everyone using your computer. Keystroke logger/monitoring program - remove unless you installed it yourself!
X	Fantasia injector	wincfg.exe	Added by the AGOBOT.US WORM!
?	fapmon	fapmon.exe	Fair Access Policy monitor for DirecPC/DirecWay internet access
X	farmmext	farmmext.exe	VX2.Transponder parasite updater/installer related
X	Fash	Fash.exe	Unidentified adware
X	faslkakj11	kjgagklj11.exe	Added by the LEGMIE-ARE TROJAN!
N	fast	fast.exe	Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
N	FAST Defrag	FAST2.EXE	FastDefrag defragmenting software
X	Fast Home	svcnvt.exe	Detected by Kaspersky as the DELF.KS TROJAN! This file may be found in the System folder on 9x machines, however as of this writing it has only been seen in the System32 folder
X	Fast Search	svcnv.exe	Homepage, Startpage hijacker. Possible variant of Trojan-Downloader.Win32.Delf
X	Fast start	Ntut.exe	Adware - deteced by Kaspersky as the FAVADD.I TROJAN!
X	Fast start	svcnt.exe	Adware - detected by Kaspersky as a variant of the FAVADD TROJAN!
U	FastCache	fc.exe	FastCache from AnalogX - speeds up browsing by resolving DNS requests locally
X	FastStart	ntnut32.exe	Added by the STARTPAGE.L TROJAN!
X	FastStart	svcnut.exe	Browser hijacker - a variant of the STARTPAGE.L TROJAN!
X	FastStart	svcnut32.exe	Browser hijacker - a variant of the STARTPAGE.L TROJAN!
N	FastTrack Accelerator	SPEED UP.EXE	FastTrack Accelerator - "speedup" utility for programs that use the FastTrack network such as KaZaA Media Desktop, Grokster and Morpheus
X	FASTTRACKNETVISION	NETVISION.exe	DialCar-Z premium rate dialer
U	FastTVSync	FastTVSync.exe	Part of InterVideo DVD Copy 5 Platinum - "fast DVD copying and file conversion software. In just three steps, you can copy videos to most DVD formats, or convert them for smooth, flawless viewing on your PSP? or iPod?. With broad format support and unique CopyLater? technology, DVD Copy saves you time and ensures high-quality output like no other copying software"
N	FastUser	fast.exe	Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
N	FastUsr	fast.exe	Installs as part of Windows XP PowerToys as an option for very-fast user switching (allowing a keystoke to switch users instead of using the login screen). It is only used for the hot-key switch and yet it hogs 1.5 megs of memory in two separate processes (one run by the user & one by the system). Optional install in PowerToys
U	FatPipe	DHCP	Software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
U	Fatpipe Dialer	fpdialer.exe	Dailler for Fatpipe - software enabling high speed internet browsing (2-4 times faster) and internet connection sharing for up to 5 users
U	fatrecov	fatrecov.exe	SCKeyLog.j keystroke logger/monitoring program - remove unless you installed it yourself!
U	FavoriteSync	FavoriteSync.exe	FavoriteSync keeps the same set of Internet Explorer Favorites on several computers in sync
U	FaxCenterServer	fm3032.exe	FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others
U	FaxCenterServer4_in_1	fm3032.exe	FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software. Incorporated into software by Lexmark, MCI, Lotus, My Software, Broderbund, Traffic Software and many others
U	FaxCtrl.exe	ASMediaProxyServer.exe	Part of Avaya's Contact Center Express - "a multi-channel, high-volume software solution from Avaya designed specifically for the intelligent routing and computer telephony integration (CTI) needs of medium-sized contact centers"
N	FaxTalk CallControl 6.0	FTClCtrl.EXE	This allows the software to handle incoming and outgoing communications without requiring the FaxTalk Communicator application to be loaded into memory. Can be started manually
U	FBDirect	FBDirect.exe	Software that monitors the status of a Visioneer OneTouch scanner button and allows you to scan, fax, copy, print, and easily communicate by simply dragging and dropping scans on your PaperPort Desktop!. The **** represents the model, 5300, 7600, etc. Available via Start -> Programs
?	FBI	FBISM.exe	Compaq related but what does it do?
X	fc	runfc.exe	Added by the CAMPURF WORM!
X	FCEngine	FCEngine.exe	CASClient adware
X	FCHelp	FCHelp.exe	Added by either FCHelp adware or a variant of it
X	FCMan	FCMan.exe	FCHelp adware
X	Fdaemon security	fsecur.exe	Added by the SDBOT.KXO WORM!
X	FDD SYSTEM	Fdd.exe	Added by the MYTOB-FO WORM!
X	Fdr Command Module	sp2.exe	Added by the SDBOT.WP WORM!
X	FDriver	windrv.exe	Added by the DELF.WG TROJAN!
U	FD_SAP	FD.exe	Reported to be the autopassword program from the Sony Microvault thumb drive
U	feedreader.exe	feedreader.exe	"Feedreader is a freeware Windows application that reads and displays Internet newsfeeds aka ATOM and RSS feeds based on XML"
X	feelalright	mirc.exe	Added by the IRCFLOOD-M WORM!
U	FEELitDeviceManager	feelitdm.exe	Associated with Immersion TouchSense devices (Logitech Wingman Force Feedback Mouse and possibly other peripherals)
X	fegoze	SVCH0ST.EXE	Added by the GRAYBIRD.D VIRUS! Note - the filename has the digit 0 rather then the uppercase "o"
U	Fellowes Proxy	R3proxy.exe	Installed with Fellowes EasyPoint mouse software. Not necessary for normal functioning of Fellowes mice but it is necessary to use the extended features of all Fellowes mice
X	Fen Startups	fensvc32.exe	Added by the RANDEX.CCF WORM!
U	FerrariWallPaper	FerrariWP.exe	Calendar that replaces the default desktop background image. It comes with every Acer Ferrari 3000 laptop. Also downloadable for members of www.ferrari.com
X	ffis	ffisearch.exe	iSearch "Desktop Search" hijacker
U	FG1_00	frntgate.exe	FrontGate MX - e-mail spam blocker
?	fgl23DoubleScreenHooks	f23happ.exe	Related to the now discontinued ATI Fire GL3 graphics card. What does it do and is it required?
X	fGQEGqHOME	gwwgtp.exe	Added by the RANKY.J TROJAN!
X	FHPage	shdochp.exe	Added by the DELF-Ks TROJAN!
X	FHStart	shdocsvc.exe	Added by the DELF-Ks TROJAN!
U	Fhtisxk	fhtisxk.exe	XtraKeys keystroke logger/monitoring program - remove unless you installed it yourself!
U	FieldForms Sync	SyncService.exe	Resco FieldForms. A solution for building of mobile forms that can be viewed or filled in on the run, on a wide range of mobile devices. Supports Microsoft Access databases, and provides for synchronization of other data as well
X	FiendlyType	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	FILE	abcdefg.exe	Added by the KELVIR.DD WORM!
?	file indexing service	msfindfile.exe	New version of MS FindFast and still a resource hog?
X	file laoder configuration	rnd32.exe	Added by the RBOT.BQJ WORM!
X	File Mapping Services	hp-1003.exe	Added by the RBOT.FAN WORM!
X	File Protection Monitor	filemon.exe	Added by a variant of the RBOT WORM!
X	File System	taskmqrs.exe	Added by a variant of the TOXBOT/CODBOT WORM!
X	File System	taskmqr.exe	Added by the RBOT.BWQ WORM!
X	File System Service	wmiprvsc.exe	Added by the AGOBOT-HZ TROJAN!
X	File0_0	MD1.exe	Added by the DLOADER-OR TROJAN!
X	File1	Dia Claro.htm	Added by the DLOADER-OR TROJAN!
X	FileFreedom_Plugin	wtm.exe	FileFreedom peer-to-peer sharing program
X	FileManager32	Wscript.exe ChkMgr32.vbs	Added by the NOTUP.A WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "ChkMgr32.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	FileSoft	Wscript.exe UpdataFiles.vbs	Added by the SST.B WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "UpdataFiles.vbs" file is located in the Winnt or Windows folder
U	FilmLoop	FilmLoopService.exe	Related to FilmLoop - a photocasting network. Share your pictures with your family and friends
U	FilterGate	filtergate.exe	Filtergate internet filtering software - filters sounds, popup ads, background sound and other unnecessary website items
U	Filterguard	Filtrgrd.exe	An icon located in the lower left of the screen and looks like a lifesaver. This icon is a "short-cut" to access the basic features of SOS-Guardian, SOS-KidProof Lite, SOS Best Defense and SOS Pro such as Internet filtering utility. You can access this menu by "right-clicking" on the icon
X	Find	find.exe	Added by the OPANKI WORM!
X	Find Fast	Findfast.exe	Complete utter waste of space! Part of MS Office - searches disk drives for Office file types to make opening them easier
Y	Find Virus Launch Program	fvlaunch.exe	Part of Dr. Solomon's Antivirus
X	FindHack	[path to trojan]	Added by the KELVIR-BA TROJAN!
U	FinePrint Dispatcher v4	fpdisp4a.exe	FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
U	FinePrint Dispatcher v4	fpdisp4.exe	FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 4.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
U	FinePrint Dispatcher v5	fpdisp5a.exe	FinePrint Dispatcher - handles the spooling of print jobs to the FinePrint printer. Version 5.x of the software. "FinePrint saves ink, paper, time and money by controlling and enhancing printed output"
N	FineReader7NewsReaderPro	AbbyyNewsReader.exe	ABBYY FineReader OCR software - version 7
X	Fire Wall services	[random filename]	Added by the IRCBOT-QY WORM!
?	FireBox Control Panel	FireBox.exe	Control panel for the Presonus FireBox firewire based music recording system. Is it required?
X	FireExplore Update	FireExplore.exe	Added by a variant of the RBOT WORM!
X	FireFox	firefox.exe	Added by the RBOT-ATP WORM! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Firefox Plugin Manager	firefoxpgm.exe	Added by the MSNPHOTO.E WORM!
X	FireFox Service Drivers	ssmss.exe	Added by a variant of the SDBOT WORM!
X	FireFox Startup Drivers	wuaclt.exe	Added by the RBOT.BYX WORM!
X	firefox.exe	firefox.exe	Added by the BANKER-EBO TROJAN! Note - this is not the popular FireFox web browser and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Firewall	wmlaunch .exe	Added by the ELIPTER.A or ELIPTER.B WORMS!
X	Firewall	wmlaunch .exe	Added by the ELIPTER.D WORM!
X	Firewall	SP2 UPDATE.exe	Added by the ELITPER.E WORM!
X	Firewall	Firewall.bat	Added by the YPSAN.G WORM!
X	firewall	fw_304.exe	Added by the JQ TROJAN!
X	Firewall auto setup	winlogon.exe	Added by a TROJAN - see here. Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	Firewall Controls	sys32.exe	Added by the SDBOT-DGI WORM!
X	Firewall Policy	MidiDef32.exe	Added by the PIEBOT-A TROJAN!
X	Firewall Sp2 system	sys32Conf.exe	Added by the RBOT-ABT WORM!
X	Firewall Update System1	WinedowsUpdater1.exe	Added by the RBOT-ARU WORM!
X	Firewall Updater	msnupdateit.exe	Added by the RBOT-AAQ WORM!
X	Firewall.exe	Firewall.exe	Added by the AGENT.AGL WORM!
X	FirewallActivies	csrss.exe	Added by the BANKER-AQ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "3041" subfolder
U	FirewallStartup	Firewallstartup.exe	Innovative Startup Firewall - "designed to protect your computer from programs that install themselves in the StartUp area of your Windows without asking for your approval. Innovative StartUp Firewall will help you keep your computer clean, fast and in it's best shape"
X	FirewallSvr	FirewallSvr.exe	Added by the NETSKY.X or NETSKY.Y WORMS!
X	firewall_anti	firewall_anti.exe	Added by the NETDENY-B TROJAN!
X	FireWire Driver	samx.exe	Added by the SDBOT.AE WORM!
X	FireWire Service	nvscv32.exe	Added by a variant of the SDBOT WORM!
X	FireWire Services	nvcsv32.exe	Added by a variant of the SPYBOT WORM!
X	First Home Page	http://find.naupoint.com	Naupoint browser hijacker
X	FIX	WinFIX1.0.vbs	Added by the GORMLEZ-A WORM!
Y	Fix-it	mxtask.exe	Part of Ontrack's Fix-it Utilities Suite. Loads a System Tray icon that lets you access the full program. Needed if you run the crash guard, intellicluster, anti-virus, or autoupdater. Otherwise not required
Y	Fix-it AV	memcheck.exe	Part of Ontrack's Fix-it Utilities Suite anti-virus. Performs a quick check of memory for signs of any virus. Exits afterward and returns all resources used in one user's experience. Not required but could be left without a drain on resources
X	fjdslssdfd	mat2.exe	Added by the SLAPEW.C TROJAN!
U	FjMenu	FjMenu.exe	From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
U	FJTWAIN Setup	FjtwSetup.exe	Fujitsu scanner utility
N	FJUPDNV_Chitose	fjdvrupd.exe	Driver update for a Fujitsu Siemens Lifebook laptop
X	FKS v2.0	msngr.exe	Added by an unidentified WORM or TROJAN!
N	fkSysMon	fksysmon.exe	fkWrae SysMon - system monitor - "displays the current memory consumption, CPU and resource usage, date, time, Windows uptime, IP address and a lot more"
X	FlaCPY	flacpy.exe	FlashEnhancer adware variant
X	Flash Driver	[path to trojan]	Detected by PCTools as the AGENT.CWVT TROJAN! See here
X	Flash Media	%%%%%.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	%%%.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	[path to trojan]	Detected by Trend Micro as the IRCBOT.AUR TROJAN! See here
X	Flash Media	^ ^^^ %% % ^% ^%%^ %^ .exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	^^% ^ %%% %^%%%^%%^%^% % ^^%% % %^^^^ ^%%^%% .exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	^^^^^.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	^^^^^^.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Media	services.exe	Added by a variant of the IRCBOT TROJAN! See here. Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	Flash Media	zrpk??'?'%''msn'?%'fix''.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Flash Player2	[path to worm]	Detected by Trend Micro as the IRCBOT.PD WORM! See here
?	FLASH32	-flash32.exe	??
X	Flash32	FLASH32.COM	Added by the STARTER-F TROJAN!
U	FlashEnc	FlashEnc.exe	Supplied with EasyDisk USB pen devices. The utility manages the encryption and compressed folders options. It will create these folders if running on the USB key without permission, which is a pain. No need for it if you do not want these features
N	Flashget	FlashGet.exe	FlashGet download manager
X	Flashget Download Manager	Flashget.exe	Added by the RBOT-AGZ WORM!
U	FlashMute	FlashMute.exe	"FlashMute is a tool which allows you to mute/unmute Flash Movies loaded in a browser exclusively, or alternatively all sounds produced by the browser"
N	FlashPath Monitor	SDSTAT.EXE	System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
N	FlashPath Monitor	FLSHSTAT.EXE	System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
N	FlashPath Status	SDSTAT.EXE	System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
N	FlashPath Status	FLSHSTAT.EXE	System Tray icon that you can't get rid of - and does not need to run!. Tells you the battery status in the floppy disk adapter for the smartmedia cards. Available via Start -> Programs
X	Flashy Bot	Flashy.exe	Added by the GLUPZY.A WORM!
X	Flash_Player_Install	ying.exe	Constructor VC2000 malware
X	FlenCPY	flencpy.exe	FlashEnhancer adware variant
U	Flexicd	Flexicd.exe	CD player - part of the Win95 Power Toys
U	FlingRun	fling.exe	Fling - free FTP software from NCH Software
U	FLMBROWSERMOUSE	mouse32A.exe	Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
U	FLMK08KB	MMKEYBD.EXE	Multimedia keyboard manager. Required if you use the additional keys
U	FLMK08KB	KbdAp32A.exe	Keyboard utility for a Medion brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
U	FLMLABTECMOUSE	mouse32A.exe	Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
U	FLMMEDIONMOUSE	mouse32a.exe	Mouse utility for a Medion branded Fellowes mouse
U	FLMOFFICE4DMOUSE	moffice.exe	Mouse utility for a Labtec brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
U	FLMOFFICE4DMOUSE	mouse32a.exe	Mouse utility for a Micro Innovations brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
U	FLMTRUSTKB	KbdAp32A.exe	Keyboard utility for a Trust brand keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
U	FLMTRUSTMOUSE	mouse32a.exe	Mouse utility for a Trust brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
X	FlnCPY	flncpy.exe	FlashEnhancer adware variant
X	FLooDNeT	FLooDeR.exe	Added by the ENDOOL TROJAN!
X	Floppy Master	[path to trojan]	Added by the ZONIT-F TROJAN!
?	Flow Go TV	flogotv.exe	??
X	flps	flps.vbs	Added by the BYRON WORM!
X	flpycntl	flpycntl.exe	Added by the CRYPTER.C TROJAN!
?	FLSVCI	FLSVCI.exe	??
Y	FltProcess	msinet.exe	Part of Cyber Patrol internet filtering software to restrict access to certain types of material on the internet. It can be disabled but do not ask how it's done
X	FlyswatDesktop	flydesk.exe	Advertising spyware
U	FmctrlTray	Fmctrl.EXE	Genius SM-Live Control Panel. Enhances audio output through Genius sound cards (makes a big difference and worth the 3MB Ram used)
X	fmnwebassist	fmnwebassist.exe	Adware popup generator
U	FMStart	Fmstart.exe	GFI FAXmaker - native fax connector for Microsoft Exchange Server or for networks, allows all users to send and receive faxes right from their desktop
X	FMSZ	fmsz.exe	Added by the FMSZ TROJAN!
X	fnmwebassist	fnmwebassist.exe	WinPL adware
?	Focus	Focus.exe	ISDN configuration wizard?
X	Folder Service	wssdtu.exe	Added by the MANIFEST TROJAN!
U	Folder View	folderview.exe	Folder View enhances the Windows file Explorer by making all folders you need available in a single click
U	FolderClone v..*	folderclone.exe	Folderclone backup and synchronization software
X	FolderRaper	[path to worm]	Added by the VB.GOZ WORM!
U	FolderShare	FolderShare.exe	"FolderShare allows you to create a private peer-to-peer network that will help you to synchronize files across multiple devices and access or share files with colleagues and friends"
N	Folding@home	WINFAH.EXE	Folding@Home is a distributed computing project which studies protein folding, misfolding, aggregation, and related diseases - must be running in order to access the internet to upload to the servers. Available via Start -> Programs
N	FoneSyncSystemTray	FoneSyncSystemTray.exe	System Tray icon for Nokia FoneSync utility for the 7160/7190 mobiles. Useful to send data from/to the cell phone and the computer. You can use it to backup data or even to input data through the computer keyboard (which naturally is much more comfortable). Run manually when required
X	FontFix	fontfix.exe	Added by an unidentified VIRUS, WORM or TROJAN!
N	fontnav	FontNav.exe	Font Navigator from Bitstream Inc. - a font management utility
X	FontsLoader	ldfnt32.hta	Unidentified malware
X	FONTVIEW	FONTVIEW.EXE	Added by the OPASERV.T WORM!
U	FooBar 1.0	FooBar.exe	FooBar - "combines fifteen high-quality productivity tools in a single toolbar that floats on your desktop or runs in the Windows task bar"
X	foobin lptt01	adaware.exe	RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	foobin ml097e	adaware.exe	RapidBlaster variant (in a "foo1" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Y	FoolProof	fpwinldr.exe	FoolProof Security PC security software from SmartStuff
Y	FoolProofSweep	??	Part of FoolProof Security PC security software from SmartStuff
N	Forbes	ForbesAlerts.exe	Forbes Business News Alerts - displays business news headlines in a little window on the screen
X	ForceShow	rundll32.exe QaBar.dll, ForceShowBar	AdultLinks.QBar parasite related! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "QaBar.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	Forget Me Not	AGRemind.exe	Calendar reminder part of Broderbund's American Greetings? CreataCard?
X	FortiClient	FortiClient.exe	Fortinet security systems are the new generation of real time network protection systems
U	Fortis Secure Layer Config	cseinst.exe	Fortis Bank Home Banking part. Installed during the installation of the software necessary to run the Home Banking. According to Fortis Bank this will not in any way be harmful to the system or relay system information
N	FotoStation Easy AutoLaunch	FotoStation Easy AutoLaunch.exe	Installed with a Nikon digital camera. Used to collect photos uploaded from camera program NkVwMon.exe. If your camera is not connected (via USB port) you do not need this program loaded either
U	Foul PX	FoulPX.exe	Foul PX, Optusnet usage stat checker
U	FourthDay	FourthDay.exe	The Fourth Day - "astronomical clock and almanac for your system tray"
X	FoWilCo	fowilco.exe	Added by the WOOTBOT.CR WORM!
X	foxdh	foxdhend.exe	Added by the MENGHUAN TROJAN!
X	foxdh	foxdh.exe	Added by the GWGHOST-Q TROJAN!
X	foxrxjh	foxrxjh.exe	Added by the GWGHOST-T TROJAN!
X	foxwudy9912	service.exe	Added by the BANCOS-BT TROJAN!
Y	FP Loader	loadfp.exe	FoolProof Security - PC security software from SmartStuff
?	FPWGMWZD	FPWGMWZD.exe	??
N	Fpx	mnmsrvc.exe	Remote Desktop Sharing service part of Microsoft's Netmeeting allowing users to share items on their screens across remote locations
X	fqor	stub_113_4_0_4_0.exe	TargetSaver adware
X	FrameWork 2.5	FrameWork.exe	Added by the RBOT-FMW WORM! Note - can terminate AV related processes
X	France	svchost.exe	Added by the MIMAIL.L WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
U	Fraps	fraps.exe	Fraps Real-Time Video Capture software
N	Free Download Manager	fdm.exe	"Free Download Manager" - see here
?	Free Downloads Monitor	fdcmon.exe	??
U	Free Ram Optimizer	fro.exe	Free Ram Optimizer monitors your memory, and frees up ram if it falls below a certain minimum. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind
N	Freebie Notes	FreebieNotes.exe	Freebie Notes by Power Soft - create electronic notes (stickers)
Y	Freedom	Freedom.exe	Freedom Internet Security & Privacy - anti-virus, personal firewall and parental control. It also blocks ads, safeguards your personal information, encrypts your passwords, and much more. No longer available for sale
U	FreeMem Pro	FMEMPRO.EXE	FreeMem Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	FreeMemVn2	FreeMem.exe	FreeMem - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
X	FreeMP3download	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
U	FreeRAM XP	FreeRAM XP Pro *.exe	FreeRAM XP Pro - memory optimizer where * represents the version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	FreeRAM XP	FreeRAM XP Pro.exe	FreeRAM XP Pro - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
X	freestyle	lockx.exe	Added by the RBOT-ATH WORM!
U	freesurfer	fs20.exe	EMS Free Surfer mk II - pop-up stopper
X	freexstyle	lockbar.exe	Added by the LOXBOT.D WORM!
X	freexstyle	lockbr.exe	Added by the LOXBOT.C WORM!
X	freinst	pgs.exe	WinSpyControl spyware remover - not recommended, see here
U	Fresh Desktop	freshdesktop.exe	Fresh Desktop is a utility that lets you manage vast collections of wallpapers for your desktop with ease. When run on bootup it changes the desktop wallpaper at startup or at specified intervals
N	freshclam	freshclam.exe	Auto update agent of the open source Clamwin virus scanner
?	frguk	shdrkmck.exe	??
?	FridaysInHellInstaller	FridaysInHellInstaller.exe	??
X	FriendlyType	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X	FriendlyTypeName	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	FriendlyTypeName	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
N	FriendlyWebQuick-Launch	SELFCERT.EXE	selfcert.exe is a stand alone program for creating your own digital certificates for macros - the .exe is installed as an extra basically by clicking on MS Office in add/remove programs and selecting remove - also I would do away with the FriendlyWebQuickLaunchBar as well
U	FRISK FP-Scheduler	F-Sched.exe	Scheduler for F-Prot anitvirus software. Leave enabled unless you scan manually on a regular basis
?	FRITZ!DSL Startcenter	StCenter.exe	FRITZ! ISP software "StartCenter" User interface that allows you to manage, tweak and diagnose many aspects of your internet connection - is it required?
U	FRITZ!webProtect	FwebProt.exe	Firewall included in FRITZ! ISP DSL software
N	Fromine WinPopup	winpopup.exe	Instant Messenger program
X	froody	timoty.exe	Added by an unidentified malware
X	Frsk	frsk.exe	Unidentified adware downloader trojan
X	frun	derc32xz.exe	Added by an unidentified TROJAN!
Y	FRW_EXE	FRW.EXE	ConSeal Signal9 firewall - now McAfee Personal firewall
Y	frxmxins	frxmxins.exe	ATI 3D Studio MAX/VIZ driver
X	FS Agent	fagent.exe	Added by the VOLVER-B TROJAN!
X	FS6519	FS6519.dll.vbs	Added by the SOLOW.B WORM!
Y	fsaa	fsaa.exe	F-Secure antivirus Authentication Agent - creates and stores private keys used by a client to access servers
N	FSCBoss	FSCBoss.exe	Free Store Club shop online software
?	FSDPSRV	FSDPSRV.exe	??
X	FSH	svcnva.exe	Malware, detected by Ewido Security Suite as TrojanDownloader.Delf.ks
U	fsp	fsp.exe	Folder Shield - hide entire directories and thus prevent access by anyone else to your personal files and documents
Y	fspr	FolderShield.exe	Folder Shield - hide personal files and folders
N	FSScrCtl	FSScrCtl.exe	Screen saver control applet used by the "Stardust Screen Saver Toolkit" and "SolidWorks Screen Saver"
U	fsserv	fserv.exe	Farsighter Server - monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time
X	FSW	FSW.exe	FreeScratchAndWin parasite
U	FSWebServer	fsws.exe	Easy File Sharing Web Server is a Windows program that allows you to host a secure peer-to-peer and web-based file sharing system without any additional software or services
X	FtkCPY	ftkcpy.exe	FlashEnhancer adware variant
U	FtLnSOP_setup	FtLnSOP.exe	Fujitsu scanner utility
U	FTMSFLT(USB)	FTMSFLTU.EXE	Fujitsu's Touch Panel Message Notifier
X	FTP FOR WINDOWS	ftpwin32.exe	Added by a variant of the RBOT WORM!
X	FTPGraber	FTPGraber.exe	Added by the DLOADER-DT TROJAN!
N	FTPManager	FTPDM.exe	"Robust FTP is a Windows-based file transfer client application that transfers files between a user's local PC and another, remote computer system connected via a modem and telephone lines or by a local-area network (with upload transfer resume and download transfer resume)". Can be started manually
U	Ftpqueue	Ftpsched.exe	Part of WS_FTP Pro from Ipswitch. Queueing facility for scheduling FTP transfers
?	FtpServer.exe	FtpServer.exe	Part of Sharpdesk from Sharp Electronics Corp. "An easy to use desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents". Is it required?
U	ftutil2	rundll32.exe ftutil2.dll, SetWriteCacheMode	Related to Promise Technology's FastTrak SX4030/4060 PCI ATA Raid 5 controller (and possibly others)
X	FuckD3w4	FuckD3w4.exe	Added by the BRONTOK-DI WORM!
X	Fucker	fucker.vbs	Added by the CATCHER-A WORM!
U	Fujitsu Hotkey Utility	IndicatorUty.exe	Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed
U	Fujitsu Menu	FjMnuIco.exe	From the "Fujitsu Menu" tray icon you have instant access to the Control Panel, Tablet pc keyboard, Tablet and pen settings, Fujitsu display controls, brightness control, sounds and audio devices, capture screen, capture window, organize favorites, power options, printers and faxes, LCD brightness MIN, LCD brightness MAX, Enable/disable Button Panel and the Fujitsu menu settings, which are customizable
X	fukerservice	fukerz.exe	Added by a variant of the RBOT WORM!
X	FUKLBAR	bar.exe	PurityScan/Clickspring adware
X	Fun	Fun.exe	Added by the COIDUNG-A WORM!
N	FusionHdtvTray	FusionHdtvTray.exe	FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
U	FusionRC	FusionRC.exe	Remote control manager for DVICO FusionHDTV
U	FusionRemote	FusionRc.exe	Remote control manager for DVICO FusionHDTV
N	FusionTrayAgent	FusionHdtvTray.exe	FusionTrayAgent - main executable for DVICO FusionHDTV software. It adds an icon to system tray that allows you to easily access Fusion HDTV software
X	fvek	fvek.exe	Added by the DRIVOL-A TROJAN!
Y	FveNotify	fveNotify.exe	Windows Vista - BitLocker Drive Encryption Notification Utility. Available with Enterprise and Ultimate versions of Vista, "BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive" - see here
X	FW Manager	fwcheck.exe	Added by the DELBOT-H WORM!
X	FWDMON.EXE	fwdmon.exe	Added by the PROXY-S TROJAN!
Y	fwenc.exe	fwenc.exe	Check Point SecuRemote VPN client - "dynamic and fixed IP addressing for all ISP services - dial-up, cable modem, or DSL - the ideal solution for telecommuters and mobile workers"
X	Fwr Command Module	fwr.exe	Added by the SDBOT-PP WORM!
N	fwrastrc	fwrastrc.exe	Dial-up software for Friendly Technologies/1NationOnLine free ISP
U	fwservice	fwservice	eAcceleration Stop-Sign security software related. Previously not recommended, see here
X	FX	ieloader.exe	Added by the SMALL.RR TROJAN!
U	fxredir	fxredir.exe	Canon MultiPASS fax redirector
X	fzg	svhost32.exe	Added by the DLOADER.BDK TROJAN!
X	f~a	ra32.exe	Added by the CAY TROJAN!
X	g.exe	g.exe	Added by the GRAYBIRD.Q TROJAN!
X	G00123	[worm filename]	Added by the BUGBROS WORM!
X	G0mez	G0mez.vbs	Added by the GORMLEZ-A WORM!
X	G3	GSMedia3.exe	Malware downloader - detected by Kaspersky as the VB.UX TROJAN!
?	g3dctl	g3dctl.exe	??
?	GACService	GACService.exe	Related to a Gemplus product. What does it do and is it required?
X	gadkgak12	fsafsakx12.exe	Added by the ONLINEG-N TROJAN!
N	Gadu-Gadu	gg.exe	Polish language Instant Messaging client
N	Gadwin PrintScreen	PrintScreen.exe	Gadwin PrintScreen - utility to capture, print or save the current window
X	GAELICUM.EXE	GAELICUM.EXE	Added by the PENTA-A TROJAN!
X	gah95on6	gah95on6.exe	ShopAtHome/SAHagent adware
U	gaim	gaim.exe	Gaim is an instant messenger client with capability to connect to AIM, ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu and Zephyr networks
U	Gainward	TBPanel.exe	Configuration utility for Gainward graphics cards. Not required unless you use non-default settings. Available via Start -> Settings -> Control Panel
X	game	shit.exe	Added by the Netclap Gold backdoor TROJAN!
X	game	patcher.scr	Added by the PSW-ED TROJAN!
N	Game Device	JOYUPDRV.EXE	Genius game controller profile activator
X	Game House	GameHouse.exe	Added by the DELF-DRA WORM!
N	GameDrive	GDTask.exe	GameDrive Virtual Driver from FarStone Technology, Inc. Run PC games without the disc
X	Games Acceleration	svshost.exe	EasySearch adware
X	Games Acceleration	[path to trojan]	Added by the SMUTSRCH-A TROJAN!
X	Games Acceleration	svshost1.exe	Added by the DLOADR-AWD TROJAN!
X	Games toolbar	rundll32.exe [path] tbGame.dll, DllShowTB	Topconverting.com180Search "Games Toolbar" adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
N	GameSpot	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
U	gameutil.exe	gameutil.exe	Part of Redline RegTweak as supplied with Sapphire ATI graphics cards. You can configure different overlclocking settings on a per game basis and this sets those conditions following a re-boot
X	gamma	svchost.exe	Added by a variant of the DELF.IT TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
U	GammaHotKeys	setgamma.exe	Part of the RadeonTweaker program for adjusting ATI Radeon graphics cards. Allows you to adjust the gamma (or brightness) when playing a full-screen game without switching back to the desktop
U	GARO Status Monitor	cnwism.exe	Print monitor for certain Canon printers
X	gaSrv	gaSrv.exe	Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ
X	gaSrve	gaSrve.exe	Adware downloader, identified by Panda antivirus as Trojan.Downloader.ALQ
X	Gate Personal Firewall	Systpl.exe	Added by the RBOT.ADC WORM
N	Gateway Extended Warranty	GWCares.exe	Gateway Extended Warranty reminder
X	Gator	gator.exe	Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	Gator eWallet	gator.exe	Gator eWallet adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	Gay_Sexy_**	Gay_Sexy_**.exe	Premium rate adult content dialler (where * is a random char)
U	GazelDisplay	gsyno.exe	BT Digital Access USB - Gazel ISDN installation System Tray icon
Y	GBMHome7Agent	GBMAgent.exe	Genie Backup Manager Home 7 - backup software
Y	GBMLite7Agent	GBMAgent.exe	Genie Backup Manager Lite 7 - backup software
Y	GBMPro7Agent	GBMAgent.exe	Genie Backup Manager Pro 7 - backup software
Y	GBSpaceMan	SpaceMan.exe	GreenBorder - secure your browsing activities on the internet
U	GBTray	GBTray.exe	System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
X	gCac	gcac.exe	Added by the TACTSLAY.U TROJAN!
X	gcasDtServ	gcasDtServ.exe	Added by an unidentified WORM or TROJAN. Note - this is not related to Microsoft Antispyware which has a process bearing the same name which doesn't appear as a startup
U	gcasServ	gcasServ.exe	Giant Antipsyware - now superseeded by Microsoft Windows AntiSpyware
X	gcasServ	realsched.exe	Added by a variant of the TACTSLAY.A TROJAN! Note - this is not the legitimate RealOne Player (realsched.exe) application of the same name
?	GCC Reminder	gccrem.exe	Associated with AcraMax Greeting Card Creator. Is it a registration reminder?
N	GCS	GrabClipSave.exe	GrabClipSave screen capture tool
X	GDAX	[path to backdoor]	Added by the RANKY.K TROJAN!
X	gdcw	GDCW.exe	WinAnonymous spyware remover - not recommended, see here
X	gdien32	gdien32.exe	Added by the SINGU-P TROJAN!
X	gdimx	gdimx.exe	MPB-D dialer. Note - provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "gdimx"
U	GDMgr.exe	gdmgr.exe	GuardMon is a commercial surveillance software program designed to monitor all forms of user activity on a computer
N	GDrive	GDriver.exe	Found on IBM systems. All it does is set the CDROM drive letter to G:. Set your drive letter manually via Start -> Settings -> Control Panel -> System -> Device Manager
N	Gearbox	confsvr.exe	NTL's Gearbox software for configuring internet connections with their NTLWorld software - does a similar job to the Internet Connection Wizard which can be used instead using the dial-up details available here
N	GEARsec	gearsec.exe	Installed by Apple Quicktime package - iPod/iTunes CDRW support. Can be disabled if you only require Quicktime player
X	GEDZAC	GEDZAC.exe	Added by the GEMEL WORM!
X	Gekio Startups	gnksvc32.exe	Added by the AGOBOT.AFJ WORM!
N	GemStRmW	GemStRmW.exe	For a GemPlus smart card reader. If it doesn't start automatically when you insert the smart card, start it manually
X	gencroot	gencroot.exe	Added by the SDBOT-AED WORM!
U	Gene USB Monitor	USBMonit.exe	Monitors USB ports for insertion of Sandisk USB flashdrives
X	general lptt01	general.exe	RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	general ml097e	general.exe	RapidBlaster variant (in a "General" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Generic host proccess for windows	SVCHOSTS.EXE	Added by the SPYBOT-GQ WORM!
X	Generic Host Process	SCHOST.EXE	Added by the RBOT-NC WORM!
X	Generic Host Process	svchost.exe	Added by the DLOADER-NX TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Generic Host Process	camacttiv.exe	Detected by AVG Anti-Spyware as the CIADOOR.13 TROJAN!
X	Generic Host Process for Win32 Service	svlhost.exe	Added by the WOOTBOT.EX WORM!
X	Generic Host Process for Win32 Service	svchost.exe	Added by the SPYBOT.NC WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Generic Host Process for Win32 Services	ntspcv.exe	Added by the SDBOT.S TROJAN!
X	Generic Host Process for Win32 Services	intspvc.exe	Added by the DINFOR.D WORM!
X	Generic Host Process for Win32 Services	winsvc.exe	Added by the SDBOT-O WORM!
X	Generic Host Process for Win32 Services	bazzi.exe	Added by the AHKER.E WORM!
X	Generic Host Process for Win32 Services	winsvc32.exe	Added by the SDBOT-P WORM!
X	Generic Host Process for Win32 Services	lspsvc.exe	Added by the MUMU.C WORM!
X	Generic Host Process for Win32 Services	SPSVC.EXE	Added by the SDBOT.DA WORM!
X	Generic Host Process for Win32 Services	svchost32.exe	Added by the AGOBOT.ALH WORM!
X	Generic Host Process for Win32 Services	sv?h?st.exe	Added by the DLOADER.AK TROJAN!
X	Generic Host Process for WinXP Services	mshelp.exe	Added by the AGENT-GQP TROJAN!
X	Generic Host Process2 System Backup	scvhost2.exe	Added by the RBOT-BAH WORM!
X	Generic Host Process326a System Backup	scvhost326a.exe	Added by a variant of the SDBOT WORM!
X	Generic Host Service	lshost.exe	Added by the RBOT.LU WORM!
X	Generic Service Process	regsvc32.exe	Added by the GAOBOT.UJ or GAOBOT.UL WORMS!
X	Generic Service Process	serv1ces.exe	Added by the AGOBOT-JK WORM!
X	Generic Service Process	nvsvc.exe	Added by the AGOBOT.BY WORM! Note - this is not the valid NVIDIA Driver Helper Service and is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Generic Services Process	regsvc32.exe	Added by the GAOBOT.SY WORM!
X	GenericHostXP	WinLoaderXP.exe	Added by the BDOOR-ACX TROJAN!
Y	Genie USB Monitor	USBmonitor.exe	Port monitor for an external USB hard drive. Required to enable access to the drive
X	Geography TX 1.0 NT	CompuSpeed.vbs	Added by the NEWLEY-A WORM!
X	Gerenciamento de arquivos do Windows	Winmod32.exe	Added by the DLOADER-WG TROJAN!
X	german.exe	winsystems.exe	Added by the BAGLEDl-AE TROJAN!
X	german.exe	wintems.exe	Added by the BAGLE-AS TROJAN!
X	Gestionnaire de disques universel	sysoobe.exe	Added by the TOADER-A TROJAN!
N	Get Smile	getsmile.exe	Puts smilie faces in your E-mail. Run manually when required
X	Get-Torrent Service	wakeservice.exe	Get-Torrent bittorrent client - Installs LOP adware
Y	Getca	InfoMyCa.exe	Monitor for a Belkin USB Wireless adapter
X	GetMP3	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
N	GetRight Tray Icon	GETRIGHT.EXE	GetRight from Headlight Software - download manager for resuming downloads and choosing multiple download locations. The freeware version is/was spyware. The registered version isn't if you don't install the Aureate/Radiate software. Available via Start -> Programs
X	GetTheMusic	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	getwin	winB_.exe	Added by the BANKER-HS TROJAN!
X	gf1.0.0.2	ggf.exe	Added by the EDFON.A TROJAN!
X	gfxtray	rundll32 ctccw32.dll, findwnd	Detected by Kaspersky as the AGENT.AOU TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
U	GhostSecuritySuite	gss.exe	Ghost Security Suite - protect the registry from unauthorized reading and modification and other tools
N	GhostStartService	GhostStartService.exe	Required to run the Windows based wizard in Norton Ghost - added from the 2003 version. Will start automatically when you run the wizard
N	GhostStartTrayApp	GhostStartTrayApp.exe	System Tray access to Norton Ghost - added from the 2003 version
?	GhostSurfDelSatellite	DeleteSatellite.exe	SpyCatcher spyware remover related. What does it do and is it required?
Y	GhostSurfDelSatellite	DeleteSatellite.exe	Part of SpyCatcher spyware remover from Tenebril. Prevents rogue programs from sending personal information to a remote user via the Internet. If you use SpyCatcher with real time scanning, you'll want to leave this file in place
X	gigabit.exe	gigabit.exe	Added by the BEAGLE.U WORM!
X	GigaByte	Cheatle.exe	Added by the SHODI.B VIRUS!
Y	Gilat SOM Enumerator	dllhost.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
Y	GilatFTC	ftc.exe	For Gilat Communications internet satellite systems - associated with SkyBlaster modem. Required if you have this system
X	gimmygames	[path to trojan]	Added by the DLOADR-LN TROJAN!
X	gimmysmileys	gimmysmileys.exe	GimmySmileys adware
X	GinaDll	ntgina.dll	Added by the ANIG.A WORM!
?	GisdnLog	gisdnlog.exe	BT Digital Access USB
U	Glass2k	Glass2k.exe	"Glass2k is a small little program that allows Win2K/XP users to make any window transparent"
X	GLF Network Lan Monitor	NPFMNTOR.exe	Added by the RBOT-AGY WORM!
Y	Glide	Glidew32.exe	Cirque touchpad driver
X	Global Startup	WinDash.EXE	Detected by Kaspersky as the VB.Q WORM!
X	GlobalSCAPE	[random filename]	Added by the RBOT-AYM WORM!
X	GLSetIT32	msiexec16.exe	Added by the OPTIX PRO TROJAN!
X	GLSetIT32	isass.exe	Added by a variant of the OPTIX PRO TROJAN!
X	GLSetT32	smsiexec.exe	Added by the OPTIX-D TROJAN!
?	gluon	gluon.exe	In a gluon/bin sub-directory
X	glv	glv.exe	Added by the DLOADER-NG TROJAN!
X	GMedia2	GSM2.exe	Malware downloader - detected by Kaspersky as the VB.UX TROJAN!
X	GMedia2	GSMedia3.exe	Malware downloader - detected by Kaspersky as the VB.UX TROJAN!
Y	Gmouse	Gmouse.exe	Amouse mouse driver - required if you use non-standard Windows driver features
U	Gnetmous	gnetmous.exe	Genius NetScroll+ mouse driver - required if you use non-standard Windows driver features
U	GNETMOUSE	gnetmouse.exe	Genius mouse driver - required if you use non-standard Windows driver features
X	GNP Generic Host Process	svchost.exe	Added by the ZAPCHAS TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X	GNP Generic Host Process	svchost.exe	Added by the ZAPCHAS-R TROJAN! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup and is always located in the System32 folder. This worm file is found in the System folder
X	GNP Generic Host Process	svchost.exe	Added by the ZAPCHAS-AA TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This one replaces svchost.exe in the System32 folder with a copy of Mirc on (NT/2K/XP) systems and just adds svchost.exe to the System folder on (9x/Me) systems
?	gnub	gnub.exe	??
X	go	cvir.exe	Added by the SILOV-A WORM!
X	Go!Zilla	gozilla.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
X	Go!Zilla Monster Downloads	Go.exe	Download manager for resuming downloads and choosing multiple download locations. Advertising spyware
U	GoBack	GBMenu.exe	Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
U	GoBack	GBTray.exe	System Tray icon access to Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
U	GoBack Polling Service	GBPoll.exe	Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
U	GoBack Tray Icon	GBTray.exe	Roxio's (nee Adaptec) GoBack software which allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users
X	GOG	GOG.exe	Added by the PHILIS.B VIRUS!
X	goidr	goidr.exe	Goidr adware
U	Goldensoft_MndlSvr	MndlSvr.exe	Goldensoft CD Ghost related - turns a computer into a 200X-speed CD-ROM tower. Working from the hard drive, users can simultaneously access as many as 23 virtual CD-ROM drives at a speed of 200X for true multitasking
X	Golum	services.exe	Added by the GOLUM.A TROJAN! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	golumm	services.exe	Added by the DLOADER-ET TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "golumm" subfolder
X	good	badvir.exe	Added by the SILOV-B WORM!
X	google	google.exe	Added by the RBOT-AMW WORM!
U	Google Desktop	GoogleDesktop.exe	Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
N	Google Desktop Search	GoogleDesktop.exe	Google Desktop Search - "a desktop search application that provides full text search over your email, computer files, chats, and the web pages you've viewed. By making your computer searchable, Google Desktop Search puts your information easily within your reach and frees you from having to manually organize your files, emails, and bookmarks"
X	Google Earth	[random filename]	Added by the RBOT-AXK TROJAN!
N	Google Earth Viewer	GOOGLEMAPS.EXE	Google Earth "combines satellite imagery, maps and the power of Google Search to put the world's geographic information at your fingertips"
U	Google IME Autoupdater	GooglePinyinDaemon.exe	Google Pinyin Input Method Editor (IME) - allows a user to input Chinese characters by entering the pinyin of a Chinese character (with or without tone, depending on the system) and then presenting the user with a list of possible characters with that pronunciation
X	google Intrenet Explorer	google.pif	Added by the RBOT-ARA WORM!
X	Google service	Googlesetup.exe	Added by the IRCBOT-RJ WORM!
X	Google Service FR	GO0GLEFREE.EXE	Added by a variant of the SPYBOT WORM!
X	google toolbar	ggtb32.exe	Added by the AGOBOT-RR WORM!
N	Google Updater	GOOGLE~1.EXE	Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)
N	Google Updater	GoogleUpdater.exe	Downloads and installs updates for Google applications (Google Earth, Google Desktop, etc.)
X	GoogleBot.exe	GoogleBot.exe	Added by the GB TROJAN!
N	GoogleDCClient	GoogleDCC.exe	Google Compute Client - only present if you installed the Google Toolbar with "Google Compute" client active. Does complex calculations in the background when idle. If you want to turn it off go to your browser, click on the little double-helix on the Google Toolbar, and click "Stop Computing". No longer supported
U	googletalk	googletalk.exe	Google Talk "enables you to call or send instant messages to your friends for free-anytime, anywhere in the world". Can be launched manually
U	GoToMyPC	g2svc.exe	ExpertCity GoToMyPc logon - web-based remote-access solution that allows individuals and companies to register their computers online and then securely access those computers from any web browser
X	GotSmiley	GotSmiley.exe	GotSmiley - ad supported program that provides the user with smileys for use in emails. Not recommended. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	gouday.exe	readme.exe	Added by the BEAGLE.C WORM!
X	GPLv3	[random name].dll	Vundo adware
X	gpmce	window.exe	Detected by Kaspersky as the VB.CK WORM! See here
N	GRA	gra.exe	Looks at system resources at startup and warns you if they have dropped. Contains links to the Disk Clean Up, Defrag and Start Up Menu. It does have a link to a startup configuration utility. Similar to msconfig but can keep a list of disabled apps. Not really necessary. Only appears if you load the Gateway Startup Utility
?	gramdate	2Stop.exe	??
X	Graphic Driver	smss32.exe	Added by a variant of the RBOT WORM!
X	Graphic Loader	ntvdm32.exe	Added by a variant of the RBOT WORM!
X	Graphic Update	openglx.exe	Detected by PCTools as the IRCBOT.BIM TROJAN! See here
X	Graphics	_default.pif	Added by the AUTOSKY WORM!
X	Graphics adapter service	windll.exe	Added by the ATNAS.A WORM!
U	Gravis Appawareloader	dbserver.exe	Looks like it's associated with Gravis game controllers and the Keyset Manager, allowing the user to program the buttons for games that don't support them
U	Gravis Xperience Driver Support	Grxp4exe.exe	Driver for Gravis game controllers such as the Eliminator Aftershock. Must be loaded if you run the supplied application software for the controller to be recognized. Start it manually via a shortcut if not used
?	GrdSys32	GrdSys32.exe	X-Stream ISP software. Offers free Net access funded by on-screen ads. Is it required or can you create your own dial-up networking connection to use on demand?
X	GreasyPalmUpdate	GreasyPalmUpdate.exe	SearchFast adware
N	Greetings Workshop	GWREMIND.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
X	gremier	wscript.exe gpremier.vbs	Added by the GPREMIER WORM! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "gpremier.vbs" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Gremlin	intrenat.exe	Added by the DOOMJUICE WORM!
N	Grokster	Grokster.exe	Grokster Peer-To-Peer File Sharing program
Y	Groove Virtual Office	Groove.exe	"Groove Virtual Office uses a peer-to-peer networking model to connect users in Groove Workspaces. In these workspaces geographically dispersed coworkers can do almost everything they could do in the same office. They can hold online meetings, store files and folders, save threaded discussions, scribble on whiteboards, share calendars, and track project information and timelines." Formerly by Groove Networks - now owned by Microsoft and part of MS Office
Y	GrooveMonitor	GrooveMonitor.exe	Microsoft Office Groove 2007 - Groove Folder Sharing synchronization (GFS). If you kill it, your GFS workspaces may not synchronize properly (particularly around unread-marks), and you might experience some nagging discomfort
N	GrpConv	grpconv.exe	Microsoft Windows Program Group Converter - used by installers (ONLY in the RunOnce keys) - provides the translation of groups and group items to folders and links. Also see this MS Knowledge Base article
X	GsAds	gms2.exe	PacerD_Media/Pacimedia.com adware
?	Gscbc	Gscbc.exe	??
X	gshp	zzgshp.vbs	Homepage hi-jacker
N	Gsiconexe	Gsicon.exe	ADSL modem monitor from Eicon Networks (as used by BT for its Broadband internet service for example). Can safely be disabled without affecting the connection - all this does is give an indication of connectivity and access to the diagnostic facilities
?	GsiFinal	rundll32 gspndll.dll, postInstall final	USB DSL modem related - [what does it do and is it required in startup?
?	GSISETUP	[path] GsiInst.exe INSTALL [path] V205Res 13	BT Voyager ADSL modem related - what does it do and is it required?
N	GSOrganizer	GSOrganizer.exe	GoldenSection Organizer (now WinOrganizer - personal information manager
X	gssomatic	gssomatic.exe	Searchcentrix hijacker
Y	gStart	gStart.exe	gStart GPS software from Garmin
X	GStartup	GMT.exe	Gator spyware component - see here. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	gsv	gsv.exe	Added by the ROBAL 1.0 backdoor TROJAN!
X	GT	GT.EXE	Added by the SDBOT-AJ WORM!
U	GTVEpg	GTVEpg.exe	Part of Got All Media - control your TV tuner and other utilities from your PC
X	GTVRec	GTVRec.exe	Part of Got All Media - control your TV tuner and other utilities from your PC
N	Gtwatch	gtwatch.exe	Associated with a Mustec scanner and not required
X	gtydf	iisca.exe	Added by the CLAGGER-BB TROJAN!
X	gtydf	iscca.exe	Added by the DWNLDR-GTK TROJAN!
X	gtydf	ggrrgg.exe	Added by the DLOADR-AZK TROJAN!
U	Guard	Guard.exe	Related to Phoenix Technologies Core Managed Environment (cME) Integration and Certification program
N	Guardian	CMGrdian.exe	McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
U	Guardian PC Security Tools	Pfft.exe	Boomerang Software's Guardian PC Security Tools - now rebranded as the eXtendia Security Suite
X	guarnset	guarnset.exe	Adlogix adware
X	gummy	gummy.exe	Added by the VANEBOT-AQ WORM!
X	GURL	gurl.exe	GURLWatcher spyware
U	GuruNet	GuruNet.exe	GuruNet lets you click on any word on your screen to get the relevant information you want
X	GustavVED	[filename].exe	Added by the OPASERV.H WORM!
X	gvagfxj	rundll32 ...gvagfxj.dll	Unidentified adware, spyware or virus
Y	gw port controller	PORTCT95.EXE	From a visitor - "I must keep it active in start up or my Lexmark printer and RCA Cam program cannot discover a working port to work". From the file properties, the file is known as "Smart Thru Fax Drive Spy" and is supplied by Samsung
N	GWInkMonitor	GWInkMonitor.exe	Gateway ink monitor - makes an annoying popup that says your printer may be running out of ink, do you want to buy some!
X	gwiz	ntsystem.exe	Added by the NITWIZ.A TROJAN!
X	gwiz	arpl.exe	Detected by F-Prot as W32/Downloader-Sml-based
N	GWMDMMSG	GWMDMMSG.exe	Used with internal modems on Gateway and vprMatrix PCs. This is the "GTW modem messaging applet" and is not required for the modem to work correctly
U	GWMDMpi	GWMDMpi.exe	Used with internal modems on Gateway PCs such as the 450SX Notebook. Required for audio settings to be maintained and does not remain in memory once run. See here for more information
U	gwum	gwum.exe	Gigabyte utility manager. Loads if you have a Gigabyte motherboard and got a full bundle of utilities installed. Monitors CPU, fans, BIOS etc. Only used by system "tweakers"
?	gyy	gyy.exe	Possibly Gator (and therefore spyware) related?
X	G_Server.exe	G_Server.exe	Added by the FEUTEL-C TROJAN!
X	G_Server1.2.exe	G_Server1.2.exe	Added by the GRAYBIRD-Z TROJAN!
U	H/PC Connection Agent	WCESCOMM.EXE	Active sync for use with Windows CE based palm PC
Y	H2O	cledx.exe	Related to copyright protection products by SyncroSoft
U	H2OWIBU	CXWibu.exe	Related to CodeMeter from WIBU-SYSTEMS AG. Software protection hardware
X	h4te Service Drivers	h4te.exe	Added by a variant of the RBOT WORM!
X	hachimitsu-lemon	hachimitsu-lemon.exe	Added by the HACHILEM TROJAN!
X	HackMuFpt	HackMuFpt.exe	Added by the SCLOG-AG TROJAN!
X	hagent	avp.exe	Added by the "Herman Agent" remote access TROJAN!
U	HalifaxHowardCluster	skinkers.exe	"Howard the Weatherman" desktop client from Halifax by Skinkers - marketing/messaging tool. Leave enabled if you want to receive messages
Y	Hamachi	hamachi.exe	LogMeIn Hamachi remote control and VPN software
U	HaMFrontPanel	hampanel.exe	Displays a panel simulating modem lights for the Intel HaM internal modem. The lights are useful as a reminder to disconnect from the net if you are likely to forget, but otherwise pointless
U	Handy Backup 3.9	hbagent.exe	Handy Backup - automatic backup of your critical data to virtually any type of storage media including CD-RW devices and remote FTP servers
X	HanUpdate	hanz.exe	Added by the RBOT-GLJ WORM!
N	Hard Disk Sentinel	HDSentinel.exe	Hard Disk Sentinel - a multi-OS hard disk drive monitoring application. Its goal is to find, test, diagnose and repair hard disk drive problems, display hard disk health, performance degradations and failures
X	Hard drive Controller	hdcontroller.exe	Added by the KIMAN.B WORM!
U	Hardware Doctor	Hwdoctor.exe	Winbond Hardware Doctor - as included on some motherboard using Winbond's hardware monitoring chips. Displays fan speeds, voltages, temperatures. Only required if you're concerned about your system temperature - typically for "overclocked" systems
X	Hardware Monitor Service	mshms.exe	Added by the WOLLF-A TROJAN!
X	Hardware Profile	hxdef.exe	Added by a variant of the LOVGATE WORM!
X	Hardware Profile	hxdef.exe...	Added by a variant of the LOVGATE WORM!
U	Hardware Sensors Monitor	hmonitor.exe	Utility to monitor fan speed and temperatures - similar to Motherboard Monitor. Only required if you're concerned about your system temperature - typically for "overclocked" systems
X	Hardware Shell Detection	WinHSD.exe	Added by a variant of the RBOT WORM!
U	Hare	hare.exe	Hare - improve and optimize performance of desktop/laptop PCs
X	HATAPE	[path to trojan]	Added by the BANKER-QF TROJAN!
U	HawkEye	HAWK_95.EXE	Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
U	HawkEye IV Control Panel	HAWK_32.EXE	Control Panel application for the old Number Nine graphics cards to change resolution, colour depth, etc. Available via Start -> Programs
X	Hbinst	Hbinst.exe	Hotbar adware
N	HC Reminder	hc.exe	For Compaq PC's. Help Compiler, crunches help database, will run without being in startup when needed
N	HCDetect	HCDetect.exe	MS HomeClick Network - simple home network setup and configuration program included with 3Com HomeConnect home networking products. Runs in the background for network printer notification, detection, and Internet Connection Sharing (ICS) taskbar icon. Not required - network can be set-up manually, also has a known memory leak problem
U	hcenter	tgcmd.exe	See also TgAddServer. This part ensures the software is installed correctly (similar to an installation wizard) as reported by Cox Regarded as spyware by some as it has the ability to retrieve user information. Whether it does so depends upon the provider. One Toshiba user reports problems with hibernate on his laptop if disabled - hence the "U" recommendation
X	hclean32.exe	hclean32.exe	Wareout - malware masquerading as a spyware and dialer remover
U	Hcontrol	hcontrol.exe	Hotkeys on an ASUS Notebook. Only required if you use the additional keys
N	hcsystray	hc_tray.exe	Kuma Notifier for the Shootout! game from the History Channel. "It lets you know whenever there?s a new episode that?s been released or an announcement from the Kuma team. Just click it to get up-to-the-minute game and event information"
N	HDAShCut	HDAShCut.exe	High definition audio page shortcut for Realtek audio devices - not required
X	HDAudio	hda.exe	Added by the TACTSLAY.U TROJAN!
X	HDAudio Driver 1.0	[random filename].exe	Added by the TEADOOR-D TROJAN!
X	HDAudio Driver 2.0	[random filename].exe	Added by the TEADOOR-E TROJAN!
U	HDDHealth	hddhealth.exe	HDD Health is a "full-featured failure-prediction agent for machines using Windows 95, 98, NT, Me, 2000 and XP. Sitting in the system tray, it monitors hard disks and alerts you to impending failure"
U	HDDlife	HDDlife.exe	HDDlife checks the health of your hard drives at regular intervals and informs you about the results of these checks
?	HDhelp	tbhdhelp.exe	Associated with Philips Edge series soundcards. Is it required?
X	hdlfoe df98ndf	svchots.exe	Added by a variant of the RBOT WORM!
X	hdlpscom	[8 random letters].exe	Added by the RBOT-FUL WORM!
N	HDtray	HDtray.exe	Philips Edge Series Control Panel Tray Utility - system tray icon for a Philips Edge series soundcards. Available via Start -> Settings -> Control Panel
X	he3bbcff	rundll32.exe he3bbcff.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3bbcff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	he3e3fc4	rundll32.exe he3e3fc4.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "he3e3fc4.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	HELLBOT TEST	1hellbot.exe	Added by the MYDOOM.BO WORM!
X	HELLBOT3	coolbot.exe	Added by the MYTOB.AB WORM!
X	hellfire	svchost.exe	Added by the LEOX.D TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	hellodolly	shost.exe	Added by the YODO WORM!
X	helloworld	nb32ext2.exe	Added by the MYDOOM.BV WORM!
X	helloworld	nb32ext3.exe	Added by the MYTOB.JT WORM!
X	helloworld3	nb32ext4.exe	Added by the RITDOOR.A WORM!
?	Help	helpext.exe	??
X	help	help.scr	Added by the BANCOS-BBU TROJAN!
X	Help	Wizardnil.exe	Added by the BANCOS-BCZ TROJAN!
X	Help and Support Service	usnsvc.exe	Detected by Kaspersky as the SDBOT.AAD TROJAN! See here
X	Help Temp Files	netreg.exe	Added by the FORBOT-EM WORM!
X	helpctl.exe	helpctl.exe	Added by the GASLIDE TROJAN!
X	Helper	eschlp.exe	Added by the BLASTER.T WORM!
X	HELPER	greece nm.exe	AsdPlug premium rate adult content dialer variant
X	HELPER	Netherlands.exe	AsdPlug premium rate adult content dialer variant
X	HELPER	new zealand.exe	AsdPlug premium rate adult content dialer variant
X	HELPER	sweden.exe	AsdPlug premium rate adult content dialer variant
X	HELPER	canada.exe	AsdPlug premium rate adult content dialler variant
X	HELPER	france.exe	AsdPlug premium rate adult content dialler variant
X	HELPER	temp532.exe	AsdPlug premium rate adult content dialler variant
X	helper.dll	rundll32.exe [path] helper.dll	CnsMin (Chinese Keywords) hijacker related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	HelpExp.exe	HelpExp.exe	Attune HelpExpress - spyware. Disable and uninstall - see here
X	helpmanager	spoler.exe	Added by the RANDEX.J WORM!
X	helpo	helpo.exe	Added by the BANLOA-BU TROJAN!
X	helpw	helpw.exe	Adware downloader
X	hen	[filename].exe	Added by the TARNO.G TROJAN!
X	heomstool	heomstool.exe	Added by the HEOMS TROJAN!
X	hErcUnes	softhost.exe	Added by the GARROCH WORM!
U	Hermes Messenger	DGDRHE~1.EXE	A LAN messenger alternative to WinPopUp - Digital Dreams Software
X	Hewlett Packard Manager	hpmanager.exe	Added by the MYTOB.KE WORM! Note - this is not a valid Hewlett-Packard program
N	Hewlett Packard Recorder	Remind32.exe	HP multifunction registration
U	Hf	Hf.exe	Hide Folders - hide your folders so only you can view them
X	HF Security	hfsecure.exe	Added by the AGOBOT-TI WORM!
U	hffsrv	hffsrv.exe	Hide Files & Folders is a "password-protected security utility working at the Windows kernel level allowing you to password-protect files and folders, or to hide them securely from viewing and searching"
U	hfxp	hfxp.exe	Hide Folders XP - hide your folders so only you can view them
X	hgqhp.exe	hgqhp.exe	Added by the FLUSH.F TROJAN!
N	HGTXPEI	FirstReboot.exe	Herucles Audio tool for the Hercules Game Theater XP soundcard. Available via Start -> Settings -> Control Panel
X	hhtnsn	rnxntup.exe	Added by a variant of the ORCU.B TROJAN!
?	HiberMonitor	HCount.exe	??
U	Hibernation	hib32.exe	Reduces the power consumption when the laptop isn't being used to preserve battery power. Similar programs on other laptops reduce the processor clock rate, etc. Required if you run of battery regularly
X	Hid.exe	hid.exe	Added by the RATSOU.B TROJAN!
U	HideOE	HideOE.exe	HideOE - allows you to 'hide' Outlook Express or minimize it to the System Tray
X	HideRun.exe	Hiderun.exe and svhost.exe and pro.gif	Added by the BOOHOO WORM!
X	HideStyle	Ante Browse Trust.exe	IE toolbar taking you to Lop.com. If the exe is running, end it and remove the "Stupidmore" directory from C:Program Files
U	hidserv	hidserv.exe	This is the Human Interface Device Server for Win98SE/2000/Me/XP, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to MMHid in Win98. On HP Computers, HIDSERV is the controller for the keyboard sound controls on the USB and PS/2 keyboards
X	hid_start	gzmrotate.dll	AdRotator/IconAds adware
N	High Definition Audio Property Page Shortcut	HDAudPropShortcut.exe	Realtek audio card related - probably adds the odd feature to one of the "Sounds" Control Panel applet tabs - doesn't appear to be required
N	High Definition Audio Property Page Shortcut	HDAShCut.exe	High definition audio page shortcut for Realtek audio devices - not required
U	High Definition Audio Property Page Shortcut	CHDAudPropShortcut.exe	Realtek high definition audio related
Y	HighPoint ATA RAID Management Software	raidman.exe	HighPoint RAID management - hard disk striping/mirroring utility for increased performance and reliability. See here for more information on RAID
X	Highspeeddownloader	SetupClickHere.EXE	Homepage hijacker, redirecting to "turbo-search101.com" - see here
U	HijackThis startup scan	HijackThis.exe	HijackThis lists the contents of key areas of the Registry and hard drive areas that are used by both legitimate programmers and hijackers. The program is continually updated to detect and remove new hijacks. It does not target specific programs and URLs, only the methods used by hijackers to force you onto their sites. As a result, false positives are imminent, and unless you're sure about what you're doing, you always should consult with knowledgable folks before deleting anything. Required if you'd like HijackThis to run a scan at startup, and show the results when new items are found (if so, check the appropriate box in the "Config" section")
X	HijSrv32	hijsrv.exe	Added by the BANKGERM-D TROJAN!
X	himem.exe	[path to worm]	Added by the STRATION-FW WORM!
X	HistoriaLout.	GDC.exe	Added by and unidentified misleading security program
N	HistoryKill	histkill.exe	HistoryKill removes your web surfing path by removing the URL drop-list history, detailed history file, cache, and cookies in both IE and Netscape Navigator browsers. Available via Start -> Programs
U	Hitman Pro SurfRight Helper	srhelper.exe	Hitman Pro - a utility to start a number of Security Protection software. They can be started individualy
X	HitQ	HitQ.exe	Hijacker, for more information see here
U	HitwarePKLite	HITWAR~1.EXE	Hitware Popup Killer Lite
X	HIV	HIV.exe	Added by the HIVA TROJAN!
U	hk	hk.exe	KeyLoggerExp keystroke logger/monitoring program - remove unless you installed it yourself!
U	hkcmd	hkcmd.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
X	HKEYok	runlli32.exe	Added by the QQPASS-U TROJAN!
X	HKLM\Run	windowsupdate.exe	Added by the FORBOT-BJ WORM! (where HKLMRun represents HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun)
U	hkserv	HKserv.exe	Keyboard manager program required to use programmable power and function keys on some laptops such as the Sony PCG R505TS
U	hkss	hkss.exe	Compaq HotKey Support - multimedia keyboard support
X	HLcleanup	hlsetup2.exe	LinkReplacer/FFinder adware
X	hldrrr	hldrrr.exe	Added by the BAGLE-KF WORM!
X	hlhtxo.exe	hlhtxo.exe	Added by the QLOWZONES-27 TROJAN!
X	HLL Data Parameter	hllcxpa.exe	Added by the RBOT.AFG WORM!
X	HMI PowerSystem	hmisvc32.exe	Added by the RANDEX.CZZ WORM!
X	HML PowerSource	hmlsvc32.exe	Added by the SDBOT-XL WORM!
U	Hmonitor	Hmonitor.exe	Hardware sensor monitoring program. Only required if you overclock your system and want to check on the status
X	HMV PowerSource	hmusvc32.exe	Added by the SDBOT-YW WORM!
X	ho2stdll.exe	ho2stdll.exe	Added by the BANKER-HO TROJAN!
X	HOI Services	holsvc32.exe	Added by the AGOBOT-SF WORM!
N	Holiday Lights	Holiday Lights.exe	Holiday Lights from Tiger Technologies. Festive desktop enhancement that adds lights. Available via Start -> Programs
X	Hollaback	slvhosts.exe	Added by the SDBOT.BMO WORM!
N	Home Theater SchSvr	SchSvr.exe	WinScheduler is installed with Home Theater Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
U	HomeAlarm	HomeAlarm.exe	Chameleon Clock - system tray clock replacement
?	HomeCentre WakeUp	LGWAKEUP.EXE	Associated with the no longer supported Xerox HomeCentre printer/scanner
X	Homeland Network	HomelandNetwork.exe	Homeland Network Notifier - pops ads
X	homepage.monitor.exe	isamonitor.exe	Added by the ZLOB-QK TROJAN!
U	HondaHelper	HondaHelper.exe	Part of Honda Music Link which allows you to use your Honda's audio system's controls to play and search for music on your iPod? in you car
?	Honor	honor.exe	??
U	Hook99startup	hk2re.exe	"Hook99 enables the user to customize the start button. You can change or remove the text and replace the Windows flag on button with icon of your choice. Supports Windows icons, bitmaps and can extract icons from executables and libraries. Hook99 can also make the background of desktop icons captions transparent"
U	HookSys	HookSys.exe	SurfinGuard Pro from Finjan - internet protection software, protects against all malicious code delivered through executables, scripting files, ActiveX and Java
U	HornetMonitor	MntrHrnt.exe	Hornet Monitor - monitoring system that detects and responds to unauthorized access attempts and sources of channel interference on any local DSSS network
Y	HorngTech4D	bally4d.exe	HorngTech 4D mouse driver
X	Host	N/A	Added by the POPDIS or STARTPAGE.F TROJANS!
X	host	help.exe	Identified as the DELF.LF by Ewido Security Suite
X	Host Process	mame.exe	Added by the RBOT-APO WORM!
X	Host Process	svchost.exe	Detected by Kaspersky as the AGENT.DGO TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! The file is located in the Fonts directory
X	hostdll.exe	hostdll.exe	Added by the BANKER-BO TROJAN!
U	HostManager	AOLHostManager.exe	Manages a component essential to the operation of most current AOL software. If you remove it from startup it will load when IE is launched, increasing launching time
N	HostManager	AOLSoftware.exe	Quoted from AOL Beta Team, "Manages a component essential to the operation of most current AOL software, client or not. You should be able to remove it from Startup (it'll just load when Explorer is launched, which will extend load time a bit), but do leave it on your system".
X	Hostname Manager Server	host32srv.exe	Added by a variant of the RBOT WORM!
X	Hostren.exe	Hostren.exe	Added by PWS.BANKER.F, a variant of the BANKER-BO TROJAN!
X	hostserv	hostserv.exe	Added by the RBOT.BPZ WORM!
X	hostserv	wiz98.exe	Added by a variant of the SDBOT WORM!
U	HostsFileMgr	winHostsEdit.exe	AdBin from Gilmore Software Development. An easy solution to managing your Window's hosts file
U	HostsMan	hm.exe	"HostsMan is a freeware application that lets you manage your Hosts file with ease". It is mainly intended to block specific domains (mostly advertising servers) by redirecting them to localhost, but can also be used to add any other domain/Ip combination that you want to be included in the HOSTS file
X	HostSrv	sachostx.exe	Added by the LOOKSKY.H WORM! Drops multiple files in the System (9x/ME) or System32 (NT/2K/XP) folders
X	HostSrv	sachostx.exe	Added by the LOOKSKY.A or LOOKSKY.F or LOOKSKY.G WORMS!
X	HostSrv	sachostx.exe...	Added by the LOOKSKY.E WORM!
X	HostSVC syse	HostSVC.exe	Added by the RBOT-ANZ WORM!
U	Hot Corners	Hotc.exe	Hot Corners - "lets you quickly activate or disable your screen saver by moving the mouse into a given corner of the screen"
X	HOT FIX	Gothic.exe	Detected by Kaspersky as the RBOT.ESX WORM!
X	Hot Inside	Hottest Story Ever.exe	Added by the BHARAT.A WORM!
U	Hot Key Kbd 2690 Daemon	SK9910DM.exe	Multimedia keyboard manager - required if you use any special keys
U	Hot Key Keybd 9910 Daemon	SK9910DM.exe	Multimedia keyboard manager - required if you use any special keys
?	Hot Party 22	hotpart22.exe	??
X	HotAction_hr	hotaction_hr.exe	Added by the SITEICON-B DIALER! An uninstall option can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "HotAction_hr"
X	Hotbar	Hbinst.exe	Hotbar adware
X	Hotbar	HbOEAddOn.exe	Hotbar adware
X	HotbarOE	OEAddOn.exe	Hotbar adware
X	HotbarSA	HotbarSA.exe	Hotbar adware
X	hotdlll	remote.cmd	Added by the BANKER-EHG TROJAN!
X	hotfix	msnnmaneger.exe	Added by the WOOTBOT.AF WORM!
X	Hotfix Updat	svdhost32.exe	Added by the GAOBOT.ZW WORM!
U	HOTFOON2	hotfoon4.exe	Related to Hotfoon - a developer and provider of Internet Telephony technology based on LTP (Lightweight Telephony Protocol)
U	HotIDE	hotide.exe	HotIDE allows Acer TravelMate owners to hot-swap external drives without switching of their notebooks
U	HotkeyApp	HotkeyApp.exe	Programmable keys on Acer, Fujitsu and other laptops
U	HotKeysCmds	hkcmd.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
X	HotKeysCmds	[path to worm]	Added by the PAHATIA-A WORM!
X	HotPix	hotpix.exe	Adult content dialler
X	hotplug	hotplug.exe	Added by the SILLYDL TROJAN!
U	Hotplug	hot_plug.exe	Related to the SiS_Hot_Plug_Application. Enables automated driver loading for hotpluggable devices. If this service is stopped, hotplug devices will no longer function
N	HotSync Manager	hotsync.exe	Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs
X	hotwetlove	hotwetlove.exe	Adult content dialler. Will not uninstall - components have to be manually deleted
X	Hot_Kiss	Hot_Kiss.exe	Adult content dialler
X	Hot_Tarts	Hot_Tarts.exe	Adult content dialler
X	Hot_Tarts_**	Hot_Tarts_**.exe	Premium rate adult content dialer (where * is a random char)
X	Hot_Tarts_Au	Hot_Tarts_Au.exe	Premium rate adult content dialler
X	Hot_Tarts_mc	Hot_Tarts_mc.exe	HotTarts adult content dialer
U	HoverDesk	HoverDesk.exe	HoverDesk - desktop replacement software
?	hp 1000 firmware	fwdl.exe	HP LaserJet 1000 related. Is it a driver or automatic firmware update (based upon the filename)?
U	HP AutoIndexer	hppautoindexer.exe	Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
N	HP CD Writer	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
N	HP CD-DVD	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
N	HP CD-Writer	hpcdtray.exe	System Tray access to a HP CD-Writer's functions. Available via Start -> Programs
X	hp center	BACKWEB-*****.exe	See here - "messaging service that automatically sends you support information, tips, ideas, and special offers from HP and our partners, especially designed for HP and Compaq desktop computer owners". Applies to certain HP Pavilion desktop computers between Fall 2001 and Spring 2003. * can be any digit
N	hp center UI	ShadowBar.exe	User Interface for HP Center - see here
N	HP Component Manager	hpcmpmgr.exe	Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
X	HP Deskjet	HP_DeskJet_500.exe	Added by the FORBOT-DA WORM!
U	HP Digital Imaging Monitor	hpqtra08.exe	System Tray access to HP Director. Required if you prefer to use the all-in-one buttons to manually scan documents or transfer photos froma camera, for example
U	HP Display Settings	hpdisply.exe	Sets default display settings. Unchecking this item has been reported to cure a "Problem sending command to keyboard" error message
U	HP Health Check Schedule	HPHC_Scheduler.exe	HP Health Check Scheduler from Hewlett-Packard
?	HP IDScheduler	HPIDSCHD.exe	HP Instant Delivery Scheduler
N	HP Image Zone Fast Start	hpqthb08.exe	Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time
N	HP Info Express	??	On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
U	HP Instant Support	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, state, etc and gets written to a log file". HP Instant Support is required to run with the Help and Support program. If you uncheck HP Instant Support and and then run Help and Support it will add another HP Instant Support in the startup menu. If you remove the HP Instant Support in the add/remove program some help menus in help and support will not be available. You decide
N	HP Internet Center	SURFBRD.EXE	Loads the HP Internet center surfboard on startup. HP Internet Center allows you to customize the multimedia keys on the fly without having to go the Control Panel --> Keyboards to change them
N	HP JetDiscovery	HPJETDSC.EXE	HP JetAdmin software which monitors printing jobs on a network environment
N	HP JetSpeed Autostart	AUTOSTART.EXE	Autostart executable for the old multiplayer game HP Jetspeed
U	HP Laser Jet Director	hppdirector.exe	System Tray icon that opens various functions such as copy, fax, email, scan, copy plus, etc. Right-click on it and you see a few options such as the preceding bar plus About, Help, ToolBox, Exit, etc
?	HP Network Registry Agent	hpnra.exe	??
?	HP OfficeJet Series xxx Startup	HPOSTR03.EXE	xxx represents the series number - such as 700. What does it do and it it required?
?	HP OfficeJet Series xxx Startup	HPOstr05.exe	xxx represents the series number - such as 700. What does it do and it it required?
N	HP Parallel Port Test	hppt.exe	Associated with a HP ScanJet scanner
X	HP Photo Manager	HPPhotoManager.exe	Added by the SDBOT.AXU WORM!
?	HP Port Resolver	hpbpro.exe	??
N	HP Precision Scan	hpmdlbwx.exe	HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
N	HP Presentation Ready	PresRdy.exe	HP Omnibook related: "Press a dedicated button above the keyboard and the system will instantly load your presentation software and change the screen resolution to match your display device"
U	hp psc 2000 Series	hpobnz08.exe	System Tray icon indicating when the printer is ready. Can be started manually with HP Director but takes time to start
U	HP RecordNow	??	From HP "Software for the CD writer. Do not prevent from starting unless the CD writer is never going to be used."
U	HP ScanPatch	HPScanFix.exe	Program that starts up and automatically fixes earlier versions of the Scanjet 5100c software. If a Scanjet 5100C scanner is not going to be used, then it is safe to remove or prevent from starting
N	HP ScanPicture	hpsplmwa.exe	HP multifunction scanner software. Available from HP Office Jet R Toolbox so not required
U	HP SchedIndexer	hppschedindexer.exe	Installed by HP multi-function printer driver software, related to PC faxing. If you are not using the PC faxing feature you can go ahead and disable these services from the startup
X	HP Service Drivers	hdsys.exe	Added by the SDBOT-ZE WORM!
?	hp Silent Service	HpSrvUI.exe	HP related
N	HP Simple Trax	Hpcron.exe	Supplied with HP CD-RW drives - stores information about CD contents on your hard drive. Available via Start -> Programs or Desktop Icon
N	HP software update	HPWuSchd2.exe	HP software updates. If a shortcut doesn't exist create your own and run it manually
N	HP software update	HPWuSchd.exe	HP software updates. If a shortcut doesn't exist, create your own and run it manually
N	HP Status	hpstatus.exe	HP Printer Status and Alerts
?	HP Status Server	hpboid.exe	Copied during installation of HP Inkjet Printer Drivers in Win2K/XP. What does it do and is it required?
U	HP TV Now	HpTvNow.exe	Application supplied with HP notebooks. It activates the S-Video port and is said to improve the quality of the output signal (resolution/timeouts)
X	HP Update Assistant	HPAware.exe	Added by the MRO TROJAN!
N	HP Updates	??	On HP PCs, allows the computer to automatically receive notifications from HP over the Internet. Associated with BackWeb
?	HP Visualize Init	HpVisIni.exe	HP Visualize software related. What does it do and is it required?
N	HP-Aio Flight	Remind32.exe	HP multifunction registration
U	HPADVISOR	HPAdvisor.exe	HP Total Care Advisor - a suite of help and hardware check programs to help you check the health of your PCs
N	hpaiodevice	hpodev07.exe	Direct from HP - "Device Objects Server - detects all device events and handles all ongoing communication on the device. Loads in the Startup group (except when "portable" is chosen during installation)". Related to various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
?	HPAiODevice(hp officejet g series)	hpoavn07.exe	HP Printer related, reportedly lets file transfers from an HP device pass files through Windows firewall. Is it required?
N	HPAiODevice(hp psc 900 series) -1	hpobrt07.exe	Installed with a Hewlett Packard 900 series colour printer, scanner, fax, photo card slot printer, copier. Assumed to perform an identical function to the hpaiodevice entry
N	HPAIO_PrintFolderMgr	hpoopm07.exe	Directly from HP: "This process has one purpose - detects if the device moves to a different port, and notifies other processes to look on the new port." For various HP all-in-one printer/scanner/copier devices. They print and copy fine with those files disabled, and the HP icon installed on the desktop that points to "hpodir07.exe" works just fine if you need to use the scanner
U	HPBootOp	HPBootOp.exe	"HP Boot Optimizer intelligently and dynamically launches software during startup, based on available resources, to improve startup performance"
X	hpcmd	cmd.exe	Added by the ADCLICK-DS TROJAN!
N	hpcmpmgr	hpcmpmgr.exe	Checks the internet for updated drivers/utilities for your HP product - update manually. Disabling will remove the error "Windows can't shutdown the computer because hpcmpmgr.exe can't be ended"
U	HPDJ Taskbar Utility	hpztsb01.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb02.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb04.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb05.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb07.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb09.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb06.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb08.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb03.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb10.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb11.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb12.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	HPDJ Taskbar Utility	hpztsb13.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
N	hpfsched	hpfsched.exe	HPFSCHED is a small TSR that will remind you to clean the cartridges in your DeskJet from time to time in order to keep print quality high. It can be removed from the run line in win.ini if you do not want that feature
U	HPGamesActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
N	hpgs2wnd	hpgs2wnd.exe	"HP's exclusive Share-to-Web software makes it easy to share content with others through our affiliate Internet websites". Available via Start -> Programs
U	Hpha1mon	Hpha1mon.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	Hpha2mon	Hpha2mon.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	Hpha3mon	Hpha3mon.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	HPHmon**	HPHMON**.EXE	Monitors the status of the memory card reader slot on a HP printers and displays a tray icon if a memory card isn't inserted. Also creates a virtual drive and assigns it the first available drive letter - which can lead to problems with drive management. ** represents the version number. Disable if you don't use the reader
U	HPHmon03	hphmon03.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	HPHmon04	hphmon04.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	hphmon05	hphmon05.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
U	HPHmon06	hphmon06.exe	Supports the memory card reader on some HP Photosmart and AIO (all-in-one) printers - displaying a System Tray icon for the drive and allowing you to transfer files directly via the SAVE button. This verison is applicable for version 2.0 to 2.3 drivers - see here. Known to cause 100% CPU load in some cases. Only needed if you use this feature
X	Hphome	hphome.js	Homepage hijacker
N	HPHUPD04	hphupd04.exe	HP software update checker and wizard launcher. Available via Start -> Programs
N	HPHUPD05	hphupd05.exe	HP software update checker and wizard launcher. Available via Start -> Programs
U	HPHUPD06	hphupd06.exe	HP software update checker and wizard launcher. Available via Start -> Programs
N	HPHUPD07	hphupd07.exe	HP software update checker and wizard launcher. Available via Start -> Programs
N	HPHUPD08	hphupd08.exe	HP software update checker and wizard launcher. Available via Start -> Programs
?	hpjsiroute	hpjsira.exe	Related to HP laserjet printers and IP addresses. An IP address is appended to the name field - ie "hpjsiroute192.168.1.2"
X	HPl Services	hmlsvc32.exe	Added by the AGOBOT-SI WORM and variants!
Y	HpLamp	HPLAMP.EXE	HP Scanner Utility that controls your scanners light bulb. Needed if it's switched on
U	hplampc	hplampc.exe	HP Scanner Lamp Utility - fixes an issue with the scanner lamp not going off
U	HPLaptopGamesActiveMenu	ActiveMenu.exe	Wild Tangent demo games that come with some HP computers. Unchecking it can prevent the games from running occasionally. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case
Y	HPLJ Config	SetConfig.exe	Connects system to networked HP printer.
U	HPLogiFinder	hp_finder.exe	HP LogiFinder helps detect and allows the use of the centre button for the Logitech mouse. Can be disabled if not used
U	HpMmKbd	HpMmKbd.exe	HP's multimedia keyboard driver which enables the end-user to use the automation features of the HP multimedia keyboard
U	HPMVTray	HPMVTray.exe	HP Media Vault Networked Storage Device - System Tray management utility
X	HPNT	hpdll.exe	Malware downloader - detected by Kaspersky as the VB.KU TROJAN!
N	hpodblia	hpodblia.exe	HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
N	hpoddt01.exe	N/A	Installed by the "HP Photo and Imaging Director" software. If you ask for the imaging software, this program will be started
N	hpodlb08	hpodlb08.exe	HP OfficeJet Scan Button Monitor on a multi-function printer/copier/scanner. Start your scanning software manually
Y	hpotdd01.exe	hpotdd01.exe	Detection of new imaging, printing and other peripherals on HP machines such as USB printers, cameras and Bluetooth products. "This program is a non-essential process, but should not be terminated unless suspected to be causing problems"
Y	hpppt	hpppt.exe	Related to the drivers for HP ScanJet scanners
Y	hpppta	HPPPTA.exe	HP parallel port driver for certain hardware
X	HpPrinter	hpserver.exe	Added by the CMJSPY-W TROJAN!
N	HPPROPTY	HPPROPTY.EXE	HP LaserJet Toolbox
U	HPPWRSAV	HPPWRSAV.EXE	Power save related for HP Scanners. Many users have complained of system freezes with it running but it stops the light from remaining on all the time. Try www.hp.com, pick your OS option under the SUPPORT tab, follow the instructions and you will find an updated lamp control patch
?	hpqcmon	hpqcmon.exe	From HP and related to digital imaging
U	HPSCANMonitor	hpsjvxd.exe	HP scanning software that enables you to scan images from your scanner. Needed if you're using the scanner
?	hpScannerFirstBoot	scannerfb.exe	HP scanner related
N	hpsjbmgr	hpsjbmgr.exe	HP ScanJet Button Manager. It allows users of the HPScanJet scanners to indicate what the buttons on the scanner will do automatically if pushed. Not required at startup, unless the scanner is used every day, such as in a business environment
N	HPStart	hpstart.wsf	This a script used by HP that runs the first time one of their computers is started. Can't imagine why it would be starting up after the first boot
X	hpsysconf1	[random filename]	Added by a variant of the VIVIA.A TROJAN!
U	hpsysdrv	hpsysdrv.exe	This item keeps track of how many times the system has been recovered and the times of the first and last recoveries done on the system. Leaving unchecked will sometimes prevent the Keyboard Manager program from detecting that the computer is an HP. Since this program/driver was only made to run on HP, if it can't tell that it is an HP it will not run. If unchecked, it can prevent the running of the Application Recovery CDs, the use of the multimedia keys, and the HP Instant Support. Also seen that without it running, the Riptide Sound card that was installed on some older HP computers stops working
X	hptools	hptools.exe	Added by a variant of the SDBOT WORM!
X	hptools	microsoft.exe	Added by a variant of the SDBOT WORM!
N	HPU	ProvenTactics.exe	Proven Internet Marketing software
U	hpWirelessAssistant	HP Wireless Assistant.exe	The HP Wireless Assistant is a user application that provides a way to control the enablement of individual wireless devices (such as Bluetooth or WLAN devices) and that shows the state of the radios for these wireless devices
U	hpWirelessAssistant	HPWAMain.exe	Wireless application bundled with HP computers that allows you to control different settings on the computer's wireless devices such as Bluetooth and WLAN
N	HPZTS04	hpzts04.exe	Hewlett Packard printer toolbox shortcut that resides in the system tray
U	hpztsb02	hpztsb02.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	hpztsb04	hpztsb04.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	hpztsb05	hpztsb05.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	hpztsb07	hpztsb07.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	hpztsb09	hpztsb09.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
U	hpztsbol	hpztsbol.exe	HP System Tray utility which allows diagnostic and maintainance of your HP Deskjet series printer
N	HP_dla	dlatray.exe	On HP PCs, tray icon for dla - which provides drive letter access to HP's and Veritas' version of DirectCD
X	HQI Services	hqisvc32.exe	Added by the AGOBOT-RO WORM!
X	HQI Services	hqlsvc32.exe	Added by the AGOBOT-RP WORM!
U	HR	Hr.exe	HiddenRecorder periodically takes screenshots of the computer. If you didn't install this yourself remove it
U	HREF.OCX	regsvr32.exe ....HREF.OCX	HREF.OCX is an ActiveX control developed by xFX JumpStart and used to provide HTML-alike clickable links on Windows-based programs such as PopUpKiller
X	Hrn_qtv	hrnsvc32.exe	Added by the SDBOT-AET WORM!
X	hsim	isearch.exe	Unidentified malware
X	hsim	sexgame.exe	Unidentified malware
X	hsim	toolbar.exe	Unidentified malware
U	HSLAB Logger	logger.exe	HSLABLogger logs user activity and Internet activity. The gathered information can be sent to a predetermined email address. If you didn't install this yourself uninstall it
U	HSON	HSON.exe	Toshiba HotStart button support for instant-on entertainment on their laptops
U	HSTrans	hstrans.exe	Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
?	HsuGuiControl	HsuGuiControl.exe	Part of the Starband Internet satellite client. What does it do and is it required?
U	Hti	npdor.exe	Appears in startup if you have chosen to participate in on survey by NPD Online Research. Required for the survey to work correctly. Otherwise not required
X	HTML Help System	hhs.pif	Added by the RBOT-ATB WORM!
X	HTML32 Help System	hhs32.pif	Added by the RBOT-ATE WORM!
U	HTpatch	htpatch.exe	HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
X	HtProtect	AVprotect.exe	Added by the NETSKY.L WORM!
X	htssv32.exe	htssv32.exe	Added by a variant of the SDBOT TROJAN!
X	HTTP Tunneling Server	mstunnel.exe	Added by the RBOT.EDL WORM!
X	http://www.lienvandekelder.be	LienVandeKelder.exe	Added by the MYTOB-AZ WORM!
X	http://www.lienvandekelder.be	Lien Van de Kelder.exe	Added by the MYTOB-AP WORM and variants!
X	http://www.lienvandekelder.be	Lien Vande Kelder.exe	Added by the MYTOB-AQ WORM!
X	http://www.lienvandekelder.be	Lien vd Kelder.exe	Added by the MYTOB-M WORM!
X	http://www.lienvandekelder.be	Lien.exe	Added by the MYTOB-CZ WORM!
X	http://www.lienvandekelder.be	Lientjeuh.exe	Added by the MYTOB-P WORM!
X	http://www.lienvandekelder.be	LienVdK.exe	Added by the MYTOB-U WORM!
X	http://www.lienvandekelder.be	Van de Kelder Lien.exe	Added by the MYTOB-BF WORM!
X	http://www.lienvandekelder.be	We Love Lien Van de Kelder.exe	Added by the MYTOB-CV WORM!
X	http://www.lienvandekelder.com	Lien Van de Kelder.exe	Added by the MYTOB-EQ WORM!
X	http://www.lienvandekelder.com/	LienVandeKelder.exe	Added by the MYTOB-EO WORM!
X	httpd	c_pan.exe	Added by a variant of the DELF-A TROJAN!
X	httpd	deamon.exe	Added by the TACTSLAY.C TROJAN!
X	httpd	msgaol.exe	Added by the TACTSLAY.C TROJAN!
X	httpd	s_menu.exe	Added by the TACTSLAY.C TROJAN!
X	httpd	browse.exe	Added by the TACTSLAY.C TROJAN!
X	httpd	deamon.exe	Added by the TACTSLAY.C TROJAN!
X	https-ssl	https.exe	Added by the MOEGA.D WORM!
U	HughesNet Tools	matcli.exe	"matcli.exe is a motive Assistant Command line interface that gathers information about your system's identity like your name email address, city, county, etc and gets written to a log file". HughesNet Help is required to run with the Help and Support program. If you uncheck HughesNet Help and and then run Help and Support it will add another HughesNet Help in the startup menu. If you remove the HughesNet Help in the add/remove program some help menus in help and support will not be available. You decide
?	huhdir	huhdir.exe	??
X	huigezi	HgzServer.exe	Added by the GRAYBIRD.C TROJAN!
X	Hvewsveqmg	ANACON.EXE	Added by the NACO.A WORM!
X	Hvid	Hvid.exe	Added by the GEMA TROJAN!
X	HWINFO*	HWINFO*	Added by the PUROL WORM! where * is a random character
Y	HWinst	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
X	Hwp	system_wc.exe	Eziin adware
X	hws	hws.exe	Added by the STARTPA-CT TROJAN!
U	HWSetup	HWSetup.exe hwSetUP	"Toshiba Hardware Setup is the Toshiba configuration management tool available through Windows." Allows the user to change BIOS, hard disk, memory, boot disk priority and other settings
X	hxadsec	[path to trojan]	Added by the ADCLICK-AP TROJAN!
X	HXDL.EXE	HXDL.EXE	Attune HelpExpress - spyware. Disable and uninstall - see here
X	HXIUL.EXE	HXIUL.EXE	Attune HelpExpress - spyware. Disable and uninstall - see here
U	HydarVisionDesktopManager	desk95.exe	ATI's HydraVision desktop management software, allowing for multi-monitor support, as included in ATI HydraVision versions 2.5 and earlier. Has been reported to cause problems, such as this one. HydraVision can be uninstalled through Add/Remove Programs
U	HydraVisionDesktopManager	desk98.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
U	HydraVisionDesktopManager	HydraDM.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
U	HydraVisionViewport	viewport.exe	ATI/Appian HydraVision Desktop Manager software - monitors and regulates window and dialog box placement according to user preferences when using a multi monitor setup
X	Hyper Start	instantmsgrs.exe	Added by the RBOT-NH WORM!
X	I am not Ranky. I am eTunnel!	msyervice.exe	Added by an unidentified WORM or TROJAN!
X	I am not Ranky. I am eTunnel!	winsys.exe	Added by an unidentified WORM or TROJAN!
X	I am not Ranky. I am eTunnel!	disney.exe	Added by an unidentified WORM or TROJAN!
X	I just want to say I love Milko and I need a drink	svchost.exe	Added by the CHIKO WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Documents and SettingsAdministratorLocal SettingsApplication Data folder
X	I-Worm.GiGu	uGiG.eXe	Added by the GINK WORM!
X	I/O Controllers	svcnet.exe	Added by the TIBIK-B TROJAN!
X	I386	I386.exe	Added by the MYPOWER WORM!
?	I81SHELL	I81SHELL.exe	Appears to be related to drivers for an Intel 810 graphics chipset on an ASUS motherboard
U	i8kfangui	i8kfangui.exe	Graphical interface for fan speed control
U	IAAnotif	iaanotif.exe	IAA Event Monitor User Notification Tool - part of Intel? Application Accelerator - "a performance software package for desktop PCs using select Intel? chipsets" that "replaces the ATA drivers that come with Windows with drivers optimized for desktop and mobile PCs." If you use the RAID version it's required to notify you if a RAID 1 disk has failed
Y	iamapp	iamapp.exe	AtGuard personal firewall engine. As Atguard was bought by Symantec some time ago, it's now the Norton Personal Firewall executable as well
X	Iamnacho On Irc.MusIrc.com Is a Homosexual!	XBox64.exe	Added by the RANDEX.Y WORM!
?	Iap	iap.exe	Possibly part of Dell OpenManage Client Instrumentation - software that allows remote management application programs to access information about, monitor the status of or change the state of the client computer, such as shutting it down remotely?
U	ias	ias.exe	InvisibleASpy keystroke logger/monitoring program - remove unless you installed it yourself!
X	IASHLPR	IASHLPR.EXE	Added by the OPASERV.T WORM!
X	ibin	[path to trojan]	Added by the PERDA-C TROJAN!
X	ibm	ibm.exe	Added by the LEGMIR-AH TROJAN!
X	IBM Keyboard Driver	ikeybdrv.exe	Added by the SDBOT.IC TROJAN!
?	IBM Warranty Notification	ERTS0749.exe	IBM Warranty Notification - presumably it's a reminder to either register or that warranty is about to expire?
N	ibmmessages	ibmmessages.exe	Allows IBM to push messages onto users' computers. Quote: "The Access IBM Message Center can display messages to inform you about software and solutions available from IBM as well as messages from IBM eSupport"
?	Ibmmon.exe	Ibmmon.exe	??
U	Ibmpmsvc	ibmpmsvc.exe	Power management driver for IBM laptops. Provides support for the use of four keys on the thinkpad keyboard with blue key tops - Fn, F3, F4 & F12 - which have specific functions to control the standby and hibernate buttons. Not required if you don't plan to go into standy or hibernate modes
?	IBMPRC	ibmprc.exe	IBM application - what does it do and is it required?
U	IBMUltraBayHotSwapCPLLoader	IBMBAY2N.EXE	Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops
?	IBMUltraBayHotSwapSound	IBMBAYSN.EXE	Supports hot swapping in Thinkpad UltraBay Option on IBM ThinkPad laptops. Is it needed though - does it just play a sound?
Y	IBM_PWMGR	pwmgr.exe	IBM Password Manager
X	Ibs	ibs.exe	Added by the HIDEDIAL-B TROJAN!
U	IBWin Background process	IBackground.exe	IBackup for Windows
U	IBWin Monitor	IBMonitor.exe	IBackup for Windows
Y	IcaBar	icabar.exe	Related to Citrix MetaFrame
X	icasServ	icasServ.exe	Browser hijacker, redirecting to Searchforfree.info. Also detected as the ICASERV-A TROJAN!
X	ICcontrol	iccontrol.exe	Added by the ICcontrol premium rate adult content dialer
X	icdd7ee6	rundll32.exe icdd7ee6.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icdd7ee6.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	icddefff	rundll32.exe icddefff.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "icddefff.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	ICH Synth	eusexe.exe	Sound related and can be disabled without affecting performance although advanced sound features may be sacrificed. May be related to Compaq PC's with "SoundMAX integrated Digital Audio" (Analog Devices Inc.) devices
X	icifati	yujixit.exe	Added by the SDBOT.ZZH WORM!
U	iClean	iClean.exe	IEClean - "advanced, comprehensive package of tools which perform a number of functions to allow you to control your online privacy"
U	ICM	ICM.EXE	Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
N	iCn	NAG.EXE	iChoose - shopping browser enhancement that alerts you to cheaper deals for goods you want to buy, if they exist. Not related to the Mac icon program of the same name
U	ICO	ICO.EXE	Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
N	Icon Animation	HDE.EXE	Part of McAfee Nuts & Bolts. Provides entertaining animation of your desktop icons
N	Icon Hearit 95	hearit95.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
N	Icon Hearit 98	hearit98.exe	Audio desktop customization utility from Moon Valley Software. Resource hog
X	Icon lptt01	icon.exe	RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Icon ml097e	icon.exe	RapidBlaster variant (in a "Icon" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
Y	iconcache	icon.bat	Related to the Vista Customization Pack
Y	ICONCLNT	iconclnt.exe	APC PowerChute Tray Icon. Associated with the UPS listing
U	ICONDESK	ICONDESK.EXE	Small utility which will allow you the option of hiding or showing your desktop icons
N	Iconfig.exe	Iconfig.exe	Icon for LS-120 "Superdisk"
X	iConfigLoader	DIIhost.exe	Added by the GAOBOT.AO WORM!
N	Iconoid	Iconoid.exe	Iconoid is a desktop icon manager
N	Iconsaver	Iconsaver.exe	IconSaver is a desktop icon manager
X	ICQ	ICQNET.vbs	Added by the GORMLEZ-A WORM!
X	ICQ Agent	icq6.exe	Added by the AGENT-FZJ TROJAN!
X	ICQ Center	[path to worm]	Added by the RANDIN WORM!
X	ICQ Chat Service	icqjdhs.exe	Added by a variant of the RBOT WORM!
X	ICQ Hacking Pro	ICQpro.exe	Added by a variant of the NETSPY TROJAN!
N	ICQ Lite	ICQLite.exe	ICQ Lite - compact version of the popular messaging program
X	icq lite	scvhost.exe	Added by the AGENT-DSF TROJAN!
X	icq lite	winlog.exe	Added by the IRCBOT-TJ TROJAN!
X	ICQ Lite Messenger	[random filename]	Added by an unidentified VIRUS, WORM or TROJAN! Unlike the legitimate ICQ Lite executable, which will be located in the ICQLITE folder in Program Files, this particular impostor is located in the Windows or WinntSystem32 directory
X	ICQ Messenger 2002	ICQ2002.exe	Added by the SDBOT-ABL WORM!
X	ICQ Net	winlogon.exe	Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should not appear in Msconfig/Startup!
N	ICQ Plus	vplus.exe	ICQ Plus is a freeware utility makes your ICQ skinnable (change the look). Available via Start -> Programs
X	IcqBeta	webcamupdate.exe	Added by an unidentified TROJAN!
X	ICQNet	winlogon.exe	Added by the NETSKY-C WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This file is placed in the Windows or Winnt folder
X	icrosof Avps32 Control	av32.pif	Added by the RBOT-AVC WORM!
X	icrosoft Visual	plscx.exe	Added by the RBOT-AYO WORM!
X	icrosoft Visual InterDevc	zvslmqb.exe	Added by the RBOT-AYP WORM!
X	icrosoft Windows DLL Services Configuration	poker3.exe	Added by the SDBOT-AER WORM!
X	icrosoftf Avpx Control	avpx.exe	Added by the RBOT-AYN WORM!
U	ICSDCLT	rundll32.exe Icsdclt.dll, ICSClient	Internet Connection Sharing allows more than one computer to simultaneously access the internet with a single connection. Also required when networking two machines
N	ICServer	Icserver.exe	Intel Intercast viewer software. Gives access to selected internet pages which are broadcasted by several TV stations
Y	ICSMGR	ICSMGR.EXE	Monitors DNS and DHCP requests for ICS (Internet Connection Sharing). Needed if you're sharing the internet on various computers
X	ICU-Sucker	Service32.exe	Added by the ILLNOTIFIER.D TROJAN!
N	IC_KEY_3	spvic.exe	Instant Chess related
N	ID Commander	IDCom.exe	Caller ID utility for identifying incoming telephone numbers
X	ID8525	ID8525.exe	Added by the ID8525.A TROJAN!
X	ID8525	id85255.exe	Added by the ID8525.A TROJAN!
?	IDA	IDA.EXE	HP related - in a Program FilesHewlett-PackardPC COE folder
X	IDE	ide.exe	Added by the ASSASIN.F TROJAN!
X	IDE Loader	IDElibr32.exe	Added by the XILON TROJAN! Related to the game "Diablo II"
X	idecntl	idecntl.exe	Added by a variant of the CRYPTER.C TROJAN!
U	iDesktop	idesktop.exe	Immersion TouchWare Desktop software for devices such as the Logitech iFeel Mouse
N	IDMan	IDMan.exe	Internet Download Manager - download files faster, schedule and resume
X	idmlssp	[random filename]	Added by a variant of the SLAPER TROJAN!
X	IDTemplates	IDTemplate.exe	Added by the BRONTOK-H WORM!
N	IDW Logging Tool	idwlog.exe	Added with WinXP SP1. Usually only found in internal builds only to indicate the current build being used. Can cause slow network logon problems
X	IE configure	explorer.exe	Added by the LINEAGE-C TROJAN! Note - this is not the legitimate Windows Explorer (explorer.exe) which would not normally appear in Msconfig/Startup unless you added it manually!
U	IE Doctor	IEDoctor.exe	IE Doctor Toolbar - "IE Doctor can help you to Repair IE easily, protect IE and OE from all malicious changes. It can Repair the HomePage, context menu, IE toolbar button, startup items, Favorites, typed URLs and the entire Internet Options"
X	IE Java Update	iejava.exe	Added by the AGENT-HD TROJAN!
X	IE Menu Extension toolbar	rundll32.exe [path] tbextn.dll DllShowTB	Topconverting.com180Search "IEMenuExtension" toolbar. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
U	IE New Window Maximizer	iemaximizer.exe	IE New Window Maximizer - automatically maximize new Internet Explorer and Outlook Express windows
X	IE Runtime	wini.exe	Added by the PICRATE.B WORM!
X	IE Runtimes	winis.exe	Added by the RBOT-ADZ TROJAN!
X	IE*.exe [ = random char]	IE*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	IE*32.exe [ = random char]	IE*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	IE-Bar	iebar.exe	DesktopMedia adware
X	IE6	wkstmg.exe	Added by a variant of the SDBOT WORM!
X	IE6	ssmss.exe	Added by the GAOBOT.DXO WORM!
X	IE6	porn.pif	Added by the RBOT-ATF WORM!
X	IE6	winsnt.exe	Added by the RBOT-GOV WORM!
X	IEACCESS	temp532.exe	AsdPlug premium rate adult content dialer variant
X	IEACCESS	surfya.exe	IEAccess premium rate adult content dialer variant
X	IEAgent update check	iewatch.exe	Added by the BOMKA TROJAN!
N	iecheck	iecheck.exe	Integrity checker for IconEdit2 icon editor. It serves for IconEdit2 internal tasks only and can be safely deleted from the system if you are running the latest version of IconEdit2
X	IECheck	MSDTCs.exe	Added by the TIRBOT-D WORM!
X	IECheck	xpssl.exe	Added by the TIRBOT-E WORM!
X	IECheck	mssvp.exe	Added by the TIRBOT-G WORM!
U	IECleanAux	Ieboot6.exe	IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc. Performs cleaning tasks at startup
X	iedll	iedll.exe	Homepage hijacker, redirecting to coolwwwsearch.com
X	IEDriver	IEDriver.exe	Installed as part of adware (Cydoor) based peer-to-peer file sharing software called URLBlaze
X	IEDriver	xplore.exe	IEDriver adware variant
X	IEDriver	TD.exe	IEDriver adware variant
X	iedwa104	iedwa104.exe	Added by the DLOADR-BBW TROJAN!
X	IEengine	IEeng.exe	STARTPAG.AI hijacker
X	IEexplorer AUpdate	IEexplore32.exe	Added by the RBOT-GRE WORM!
X	IEFeatures	IEFeatures.exe	Added by the POPMON.A TROJAN! - also known as PopMonster adware
X	IEFeatures	Internetfeatures.exe	Added by the POPMON.A TROJAN! - also known as PopMonster adware
X	IefxTray	IefxTray.exe	Added by the RILER-H TROJAN!
X	ieharv.exe	ieharv.exe	Added by the BANKER-HH TROJAN!
X	Iehelper	syslaunch.exe	Outwar adware downloader
X	iel2cde8	rundll32.exe iel2cde8.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "iel2cde8.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	ielcaabe	rundll32.exe ielcaabe.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "ielcaabe.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	IELoader32	iexplore32.exe	Added by the SPEX or SPEX.B WORMS!
X	Iesar	Iesar.exe	Browser hijacker - redirecting to an adult web page
X	Iesearch.exe	Iesearch.exe	LookNSearch adware
X	IESet	IExplorer.dll	Added by the PWS-BLUEDIT TROJAN!
X	iesetupi.exe	iesetupi.exe	Added by a variant of the RBOT WORM!
X	iestart	iexp1orer.exe	Added by the NEMOG.C TROJAN!
N	ietsr	ietsr.exe	IEClean by Kevin McAleavy - cookie manager, cache cleaner, history cleaner, etc
X	ieupdate	MCP**.exe [** = random char]	Added by the ASOXY TROJAN!
X	ieupdate	mcpdll32.exe	Adware downloader trojan
X	IEXPL0RER	IEXPL0RER.EXE	Added by the AGOBOT-QL WORM! Note the filename has a "0" rather than an upper case "o"
X	iexpl0res	iexpl0res.exe	Added by the RBOT.AEX WORM! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot
X	IExploer	svshosts.exe	Added by the IRCBOT.BT TROJAN!
X	Iexploit	Iexploit.html	Added by the INKER.B WORM!
X	Iexplore	iexplore.exe	Added by the BOXER TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	IEXPLORE	iexplore.exe	Added by the APHEXDOOR TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	IExplore	IEXPLORE.EXE	Added by the DLOADER-YZ TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a "Custom" subfolder
X	IExplore	IEXPLORE.exe	Added by the DLOADR-AAM TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the "Arquivos de programasInternet ExplorerCustom" folder
X	IEXPLORE	IEXPLORE.EXE	Added by the BANKER-BWE TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Iexplore Services	iexplore.exe	Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup!
X	IEXPLORE.EXE	[path to trojan]	Added by the BANCOS-CJ TROJAN!
X	IEXPLORE.EXE	goot.exe	Added by the BIFROSE-C TROJAN!
X	IExplorer	Iexplor32.exe	Added by the BDOOR-BY TROJAN!
X	IExplorer	IExplorer.EXE	Added by the BANCOS-CH TROJAN!
X	IEXPLORER	msiecfg.exe	Added by the JU or BANCBAN-IP TROJANS!
X	Iexplorer	explorer.exe	Added by the ZAPCHAS-AC TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System folder
X	iexplorer lptt01	iexplorer.exe	RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	iexplorer ml097e	iexplorer.exe	RapidBlaster variant (in a "iexplorer" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Iexplorer.exe	Iexplorer.exe	Added by the BANCBAN-EN TROJAN!
X	IExplorer32 Java Scripting	IExplore32b.exe	Added by the RBOT.ABO WORM!
X	IExplorer32c Java Scripting	IExplore32cb.exe	Added by the RBOT.ABN WORM!
X	IExplorer6 Java Scripting	IExplore326.exe	Added by a variant of the SDBOT WORM!
X	IExplorer7 Java Scripting	IExplore327.exe	Added by a variant of the SDBOT WORM!
X	IExplorerService	WinSock.exe	Detected by Kaspersky as the AGENT.KIU TROJAN! See here
X	ifp	ipf.exe	Added by the CLAGGER-AG TROJAN!
X	ifperx	[random filename]	Added by a variant of the SLAPER TROJAN!
U	IFSplash.exe	IFSplash.exe	I-FORCE driver for force feedback steering wheel
X	igamatu	ekor.exe	Added by the SDBOT.AQ TROJAN!
X	igamatu	atecaca.exe	Added by the IRCBOT.R WORM!
U	igfxtray	igfxtray.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
?	Iglpbv	Iglpbv.exe	??
N	igndlm.exe	DLM.exe	IGN Download Manager has become a requirement for downloading files through FilePlanet.com. It is based on Internet Explorer and it installs through an ActiveX-plugin, hence Internet Explorer must be installed beforehand and downloads has to be initialized through that browser
X	igsex2x	igsex2x.exe	NewDial premium rate adult content dialler
?	iHP-100	iHPDetect.exe	Drive Letter Searcher, iRiver iHP-100 iHP and H Series player related - does it need to start with Windows every time?
X	iilc	IILC.EXE	Homepage hijacker
X	Iinl	iptl.exe	PurityScan/Clickspring adware
X	IISADMINS	systems.exe	Added by the AGOBOT.U WORM!
X	iisvers	iisvers.exe	Added by an unidentified TROJAN or adware
X	iiuyvyu	uzcx.exe	Added by the AGENT-EOF TROJAN!
N	iIWiper	Systemwiper.exe	System Wiper from iI Software - allows you to clear the history of your activites from you computer. Run manually on a regular basis
Y	IJ75P2PSERVER	IJ75P2PS.EXE	Printer utility which is required in order to make the printer work correctly
Y	IKE Service 95	IKEService.exe	Associated with PGP. The PGP Tray can be disabled, but without IKESERVICE you won't be able to de- or encrypt anything
U	iKeyWorks	IKEYMAIN.EXE	A4Tech wireless keyboard driver and utility
U	IKL	rundll32.exe [path] IKL.dll	IKL surveillance software. Uninstall this software unless you put it there yourself
X	iLLeGaL	Mplayer.exe	Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
X	iLLeGaL.exe	Mplayer.exe	Added by the HOLAR.C (or GALIL) WORM! Note - this should not be comfused with Windows Media Player which has the same filename
?	ILO_Office_Manager	IntEdReg.exe /OFFMAN	Intense Educational Ltd - Language Office Software. Is it required?
U	iLyric	iLyric.exe	iLyric plugin for Winamp media player. Allows you to retrieve the lyrics for your songs with the press of a button
N	iM Start Center	iM_Tray.exe	Installed with the Sound Blaster Audigy range of soundcards. A radio tuner installed if the user chooses during installation. Available via Start -> Programs -> iM Networks -> iM Radio Tuner
X	Image	rundll32 image.dll, Install	CoolWebSearch parasite variant
Y	Image & Restore	IMAGE32.exe	Part of McAfee Nuts & Bolts. Image/Restore can recover from drives that have been accidentally formatted or completely erased, if Image was recently run
N	Image Transfer	SonyTray.exe	Sony Image Transfer software provides direct image transfer from your digital camera to a PC - can be started manually
U	ImageDrive-{hex numbers}	ImageDrive.exe	Nero ImageDrive from Ahead - virtual CD/DVD drive software
U	Imagefox	imagefox.exe	ImageFox 2.0 (formerly available from ACDSee) is an "add-on" graphics previewer for most Windows Open/Save As dialog boxes
X	Imagemgt32	Imagemgt32.exe	Added by the GEMA TROJAN!
X	ImagePath	taskbarmngr.exe	Added by the SDBOT-XB WORM!
U	ImageTune	dthtml.exe	Display Tune (aka Image Tune) from Portrait Displays, Inc. - "is the perfect software utility to initially set-up and adjust your display to achieve its optimum performance. All adjustments are made through a simple graphical user interface and the user is guided, step-by-step, through the entire initial tuning process." Also licensed and renamed by manufacturers such as Gateway and HP
X	IMAPI	load.exe	Added by the DOWNDEL-A TROJAN!
N	iMarkup Client	iUtil.exe	Enables the iMarkup Client web page annotation utility to run in the background and be available in systray. Shortcut available via Start -> Programs
U	Imatio	imation.exe	Imation Disk Manager - enables you to create a password protected area on your Imation USB flash drive
X	imchat	imchat.exe	Added by a variant of the IRCBOT TROJAN!
X	IMClass	Svhosl.exe	Added by an unidentified WORM or TROJAN!
X	imcssl	xmliwvug.exe	Detected by Kaspersky as the SLAPER.U TROJAN! See here
N	imekrig	imekrig.exe	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
N	IMEKRMIG6.1	IMEKRMIG.EXE	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Japanese and this one is Korean)
N	Imesh	??	Imesh is a file sharing system
N	Imesh Auto Update	??	Update check for the Imesh file sharing system. Turn the update off under "options"
X	IMEvtMgr.exe	IMEvtMgr.exe	Added by the KEYLOG-AR TROJAN!
U	ImgIcon	ImgIcon.exe	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
X	imgit	[path to file]	Added by the BANKER-EM TROJAN!
N	ImgStart	ImgStart.exe	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
N	Imjpmig.	IMJPMIG.EXE	Part of MS Input Method Editor which is used to ease the input of Asian characters in MS Office (Chinese, Korean and this one is Japanese). . represents the version number
X	IMJPMIG8.2	msime82.exe	Added by the VB-CYG WORM!
?	immcheck.exe	immcheck.exe	Related to I-FORCE driver for force feedback steering wheel?
X	ImMsn	timed.exe	Added by the WEBDOR.AK TROJAN!
U	IMOL	IMOLApp.exe	IncrediMail for Office Outlook Add-On
N	Imonitor	Plguni.exe	McAfee QuickClean 3.0 - removes internet clutter and unwanted programs
X	imonitor	[path to trojan]	Added by the IMONI-A TROJAN!
U	IMONTRAY	imontray.exe	System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
X	IMprocess	IM-svr.EXE	IMNames adware
U	IMStart	IMStart.exe	InterMute security software related
X	imwinsrvc	acpmonsrv.exe	Added by the SLAPER.E TROJAN!
X	IMwire	imwireup.exe	SafeSurfing adware variant
X	im_autorn	im_1.exe	Added by the IMAV.A WORM!
X	im_autorn	im_2.exe	Added by the BAGLEDL-BO TROJAN!
Y	InCD	incd.exe	Ahead InCD packet writing software - similar to DirectCD. For Nero 5.0 or 5.5 (InCD3), it does not need to start with Windows. You can run InCD.exe manually before inserting an appropriately formatted CD-RW (CD-MRW) disk. For Nero 6.0, 6.3 or 6.6 (InCD4), it does need to start with Windows. It does not function correctly when you try to run it manually, and you will not have write access to MRW (Mount Rainier) formatted CD-RW (CD-MRW) or DVD-MRW disks. To regain write access and other features, InCD 4 must start with Windows
N	IncMail	IncMail.exe	"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
N	InControl Desktop Manager	DMHKEY.EXE	For Diamond Multimedia video cards. Allows System Tray access to desktop utilities such as screen resolution. Available via Start -> Programs
N	Incredimail	incredimail.exe	"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
N	Incredimail	IncMail.exe	"IncrediMail is an advanced, feature-rich email program that offers you an unprecedented interactive experience. Unique multimedia features will enable you to tailor your email experience so that it fits your mood and personality"
X	Index Service	dllhost32.exe	Added by the AGOBOT.CH WORM!
U	Index Washer	WashIdx.exe	Window Washer from Webroot Software. Useful utility that deletes safe to remove files, cookies, browsing history, etc. Available via from Start -> Programs. Disable within the program options - otherwise it is re-enabled in MSCONFIG
X	Indexindicator	Indexindicator.exe	Added by the LAZAR TROJAN!
N	IndexSearch	IndexSearch.exe	Associated with PaperPort scanner software from ScanSoft
U	IndexTray	IndexTray.exe	Part of Sharpdesk from Sharp Electronics. "A desktop-based, personal document management application that lets users browse, edit, search, compose, process, and forward both scanned and native electronic documents"
U	IndicatorUty	IndicatorUty.exe	Fujitsu Hotkey Utility displays icons on the screen when you use hotkeys on a Fujitsu Siemens Lifebook, eg, when you press the hotkey for muting the sound, a loudspeaker icon with a cross on it is displayed
X	ine	svchosts.exe	Added by the RBOT.BNL WORM!
X	INET	inetsync.exe	Meplex adware
X	Inet DataBase	Inetdbs.exe	Added by the QEDS WORM!
X	Inet Delivery	inetdl.exe	Inet Delivery adware
X	Inet Delivery	inetdl_2.exe	Inet Delivery adware
X	Inetapi	Netapi.exe	Added by the NETDEVIL.14 TROJAN!
U	inetcntrl	inetcntrl.exe	Bsafe Online - internet filter
?	InetConf	inetconf.exe	??
U	Inetd	INETD32.EXE	Windows Inet Daemon from Hummingbird Communications. "Hummingbird Inetd has the advanced ability to conserve PC resources by listening for connection requests and launching server daemons". Provides PCs with the full functionality of a UNIX workstation
U	inetinfo.exe	inetinfo.exe	Executable used by MS Internet Information Server (IIS). If it's running, then so is IIS. Useful in knowing whether you require the patch for the Code Red worm. Comes with PWS (Personal Web Server) or NT4 and handles ASP-, PHP code (+ more)
X	inetinfomon manager	inetinfomon.exe	Added by the DONBOMB.A TROJAN!
X	inetmgr	inetmgr.exe	Actual Names (AdvSearch) Internet Keywords parasite
X	InetMSN	msnet.exe	Added by a variant of the SDBOT TROJAN!
X	InetServices	wsock32.exe	Added by the WOCK32-A TROJAN!
X	infamous.exe	wmplayer.exe	Added by unknown malware. WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup. Infamous.exe is identified by Panda antivirus as Trj/Briss.A
X	InfeStop	InfeStopRemover.exe	InfeStop spyware remover - not recommended, see here
U	Info Select	is.exe	Info Select from Micro Logic - personal information manager
X	Info32x	Info32x.exe	Added by the GEMA TROJAN!
X	InfoData	rundll32.exe *******.dll, realset [ = random char]	Added by the VUNDO TROJAN! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
U	InfoPenMSN	InfoPenIM.exe	InfoPenMSN is a MSN Messenger plugin that allows you to send data written/drawn by hand
?	Infoplay.exe	Infoplay.exe	Written by New Media Properties, LLC and you're asked if you want to download and install it if you visit one of their search engine websites (which I chose not to). What does it do and is it needed?
X	Information Update	iu.exe	Detected by Kaspersky as the CENTIM.CH TROJAN!
U	Infra-red Monitor	IRMON.EXE	System Tray access to infra-red devices. Not required unless you use infra-red devices
X	infus	infus.exe	Adult content dialler
U	Infuzer	Infuzer.exe	Infuzer - "is a service that copies dates from the web or an email straight to your electronic calendar". Beware of the following adware trait - "Infuzer provides web site owners with a unique opportunity to communicate with their visitors in a way that is useful and relevant to them, as well as increasing return visits and brand awareness, and providing new e-commerce opportunities"
X	infwin	infwin.exe	VX2.Transponder parasite updater/installer related
X	Init32	Init32.exe	Added by the WINEX.A TROJAN!
X	Initial Page	install.exe	EasySearch browser hijack installer
Y	Initialize8x8	8x8_init.exe	Tool that initializes a Pinnacle PCTV card - maybe in capture or in showing overlay
X	injob	injobs.exe	Added by the BINJO TROJAN!
N	Ink Monitor	InkMonitor.exe	Associated with Epson (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
N	InkWatch	InkWatch.exe	Associated with Canon (and maybe other) printers. Tells you when the ink's running low and asks if you want to buy another cartridge on-line
Y	InoRPC	InoRpc.exe	Associated with eTrust Antivirus/InoculateIT
Y	InoRT	InoRT9x.exe	Associated with the Realtime Monitor of eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. For NT/2K/XP users you may need a patch if seeing high CPU useage
U	InoTask	InoTask.exe	Scheduled scans and signature updates for eTrust Antivirus/InoculateIT version 6 virus scanners from Computer Associates. Leave enabled unless you manually update signatures or perform routine scans. If enabled it can result in high CPU useage when performing updates
X	iNotice	iservice.exe	Added by a variant of an MSN worm that tries to lure people to an infected site by using nude pictures and videos
?	insCOA5	insCOA5.exe	??
X	Insider	Insider.exe	Detected by PCTools as the AGENT.KMC TROJAN! See here
U	InstaAlert	InstaAlert.exe	"Kayako InstaAlert allows you to receive realtime alerts whenever a ticket gets updated under the assigned departments. The application displays popups as and when the tickets are created or replied to allowing you to answer your customer requests and issues promptly"
X	InstaFinderK	InstaFinderK inst.exe	InstaFinder adware
X	Install	Install.exe	Added by the BANCBAN-HG TROJAN!
X	Install part II	updates.exe	Added by the RELFEERWORM!
?	Install Pending Files	sifxinst.exe	Uninstall program for Lanovation's Prism Deploy and Prism Pack adminstrators software deployement tools. For specific information see here. Is it required?
N	InstallAurealDemos	InstallAurealDemos.js	Used to initialize the Aureal A3D demos InstallShield wizard
U	InstallBuddy	Ibtna.exe	InstallBuddy - automatically translates and installs your desktop documents, such as Adobe PDF, HTML, Microsoft Word, Excel and PowerPoint files, to your Palm organizer when you HotSync
X	InstallCleaner	InstallCleaner.exe	Added by the ANYHOMB.F TROJAN!
X	Installed shell32.dll	Office.exe...	Added by a variant of the LOVGATE WORM!
X	Installer	dial.exe	Malware - detected by Kaspersky as the AGENT.MM TROJAN!
?	InstallNAIProduct	SETUP.EXE	Could be related to Network Associates Inc who own the McAfee VirusScan product amongst others. This was found in a directory called "VSC". Could it be an installation that failed and "SETUP.EXE" was left to run at startup as an error?
X	InstallProvider	newsoftware2007install.exe	WinAntiVirus Pro 2007 and Privacy Protector misleading security software - not recommended, see here
X	Installs SP2	[path] repcale.exe [path] palsp.exe	Added by a variant of the RANDON.AN WORM!
U	Installstub	installstub.exe	Tool for Outlook and Outlook Express from Plaxo for organising and keeping contacts organised and updated and providing online access to your contacts and access from PDA or mobile phone
X	Instance 001	[path to worm]	Added by the ALASROU-A WORM!
X	Instant Access	rundll32.exe EGDHTML_1023.dll, InstantAccess	InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	Instant Access	rundll32.exe eg_auth_**.dll, InstantAccess [** = digits]	InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	Instant Access	rundll32.exe EGCOMLIB_**.dll, InstantAccess [** = digits]	InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	Instant Access	rundll32.exe EGCOMSERVICE_**.dll, InstantAccess [** = digits]	InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	Instant Access	rundll32.exe p2esocks_**.dll, InstantAccess [** = digits]	InstantAccess premium rate adult content dialler variant. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
X	Instant Access	mwsrvacc.exe	InstantAccess premium rate adult content dialer
X	Instant Access	linewsrv.exe	InstantAccess premium rate adult content dialer variant
X	Instant Buzz Daemon	IBDaemon.exe	Instant Buzz adware
X	Instant Messenger Service	imservice.exe	Detected by Kaspersky as the HEUR TROJAN!
N	Instant Update Center	reminder.exe	From Broderbund's PrintMaster 10. It is an event reminder (for calendar dates, etc). Delete from the startup using Startup Manager program because it keeps re-checking itself when using MSCONFIG. PrintMaster 11 uses filename PMremind.exe - it has to be unchecked in startup in the same manner
U	Instant Wireless Configuration Utility	WUSB11cfg.exe	Utility used by the LINKSYS LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
U	Instant Wireless Configuration Utility	WPC11Cfg.exe	Utility used by the LINKSYS wireless USB Adapter (WUSB11) and indicates when a wireless access connection is made by a screen colour change. Also used for configuration
N	InstantAccess	INSTAN~1.EXE	From TextBridge Pro 9.0 OCR scanner software. Available via Start -> Programs
U	InstantDrive	InstantDrive.exe	Pinnacle Systems (ex VOB) InstantDrive - creates a virtual CD-ROM drive on the computer's hard drive. Part of InstantCD/DVD burning software
X	InstantPleasure	instantpleasure.exe	Adult content dialler
X	InstantPleasureXXX	instantpleasurexxx.exe	Adult content dialler
N	InstantTray	PCLETray.exe	Pinnacle InstantCD/DVD disc creation software. Tray icon enabling a pop-up menu that lets you call up any of Instant CD/DVD's tools with one click. Can be started manually
X	instit	instit.bat	Added by the OPASERV.H WORM!
X	instit	INSTIT.BAT	Added by the OPASERV.K WORM!
?	InstUtlR.exe	InstUtlR.exe	??
X	intdctrr	idctup20.exe	SafeSurfing adware variant
X	Intec Service Drivers	msmsgrs.exe	Added by the SDBOT-ADN WORM!
X	Intec Service Drivers	[path to worm]	Added by the RBOT-GLU WORM!
X	Intec Service Drivers	wing32.exe	Added by the RBOT.HAZ WORM!
X	Intec Services Driverrs	winrvc.exe	Added by a variant of the SDBOT WORM!
U	IntegardTray	IntegardTray.exe	System Tray access to Integardparental control software from Race River Corp
U	Intel Active Monitor	imontray.exe	System tray monitoring of fans, temperature, voltage, etc for Intel motherboards. Only needed if you "overclock" or live in hot environment. Can also cause problems when running on a laptop if you change PCMCIA cards
X	Intel Audio Studio V2.0	fmideploy.exe	Detected by VBA32 as the BIFROSE.ADR TROJAN!
X	Intel Driver	csrs.exe	Added by a variant of the SDBOT WORM!
U	Intel File Transfer	xfr.exe	Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients
U	Intel PDS	pds.exe	Intel Ping Discovery Service (PDS). Part of Intel's LANDesk Management Suite 6 and the Common Base Agent (CBA) - used for communicating between the core server and managed clients. Will start the dial-up if installed and enabled
U	Intel Product Number Utility	IntelProcNumUtility.exe	Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here
N	Intel PROSet Tray Icon	promon.exe	System Tray icon for Intel PRO series ethernet adapters giving access to the diagnostic features
X	Intel Service Drivers	msconfig16.exe	Added by the MSCONFIG16 TROJAN!
X	Intel system tool	hookdump.exe	Added by the SPYRE-H TROJAN!
X	Intel system tool	winnook.exe	Added by the SPYRE-C TROJAN!
X	Intel system tool	svehost.exe	Added by the AGENT-EBT TROJAN!
X	Intel system works	iis.exe	Added by the RBOT.QGA WORM!
U	Intel(R) Common User Interface	hkcmd.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. If the user wishes to have "HotKey" access to Intel's customised graphics properties, it is required, otherwise not. It can be disabled via the Display Properties in the Control Panel
N	Intel(R) Common User Interface	igfxpers.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Not known exactly what it does but apparently it isn't required
X	intel32.exe	intel32.exe	Added by the SmitFraud alias SPYJACK-B TROJAN!
U	Intel? Common User Interface	igfxtray.exe	Part of Intels Common User Interface for chipsets with integrated graphics controllers - which allows user to change different driver properties through Windows User Interface. Quick access to the control panel via a System Tray icon. Available via Start -> Settings -> Control Panel
U	IntelAPMClient	amclient.exe	LANDesk Management Suite software component
N	IntelAudioStudio	IntelAudioStudio.exe	"Intel Audio Studio combines Intel? High Definition audio hardware features with Sonic Focus* Audio Refinement and Dolby* technologies to provide you with a comprehensive tool that puts you in control of your audio experience". Audio utility supplied with Intel motherboards
X	InteliSys	smss.exe	Advertisingvision adware! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	intell32.exe	intell32.exe	Added by the SmitFraud alias Desktophijack.C TROJAN!
X	intell321.exe	intell321.exe	Added by the SPYJACK-B TROJAN!
X	Intelliflag_be.exe	Intelliflag_be.exe	Added by the Intelliflag SPYWARE!
U	IntelliPoint	point32.exe	Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
U	IntelliPoint	ipoint.exe	Microsoft Intellipoint software for their Intellimouse series of mice - required if you use non-standard Windows driver features
U	Intellitype	type32.exe	For MS programmable keyboards. If you disable Intellitype in Startup, any "Hot Keys" that are changed by the user to perform functions other than default settings, defer back to their default settings unless you have changed them
U	IntelMEM	IntelMEM.exe	Related to connection events on an Intel chipset based modem. It can alert you if the telephone line is being used when you're trying to get online (when you're using dial-up). It can also alert you if your modem line is disconnected. Furthermore, it can alert you if you have made a wrong connection with your modem line
U	IntelProcNumUtility	cpunumber.exe	Intel Processor Serial Number Control Utility allows you to enable and disable the processor serial number capability of an Intel PIII processor. You can find more information here. System Tray icon providing the user with a visual state indication. You can find more information here
Y	IntelWireless	ifrmewrk.exe	Associated with the Intel PRO/Set Wireless software
U	IntelZeroConfig	ZCfgSvc.exe	Zero Config MFC Application, part of Intel's ProSET utilities and installed by the drivers for many of Intel wireless network cards - essential to the proper functioning of many of the Intel ProSET utilities (but not all) and these System Tray ProSET utilities are a must if you are using your wireless connection, if only so you know when the signal is fading or dropping. The problem is that, in some PCs, ZCFGSVC can be incredibly badly behaved : taking up to 100% of CPU time and therefore resulting in an extremely slow PC, preventing the installation of software or Windows updates, or causing "Not Responding" or "End this Program" shutdown problems. If you experience this, try first the very latest drivers from Intel or your laptop manufacturer. If that still does not solve the problem and you have WinXP/2003, try setting the "Wireless Zero Configuration" service to disabled
?	Intense Registry Service	IntEdReg.exe /CHECK	Intense Educational Ltd - Language Office Software. Is it required?
X	InterceptedSystem	[path to worm]	Added by the ANACON-B WORM!
Y	InterCheck Monitor	Icmon.exe	Part of Sophos ant-virus sofware
Y	InterCheckMonitor	ICMON.EXE	Part of Sophos anti-virus sofware
X	Interdll	Interdll.exe	Added by the DELF family of TROJANS!
X	Internal	[trojan filename]	Added by the SMOTHER and TRANSLAT TROJANS!
X	Internal	regedit.exe /s %windir%c:[month number]	Added by the FORTNIGHT.D TROJAN!
X	Internal Memory File	sysintmemory.exe	Added by the RBOT-GKT WORM!
X	InternalSystray	Kazza.exe	Added by a variant of the OPTIX TROJAN! Note - unlike the valid KaZaA executable, this is located in C:WindowsSystem (Win9x/Me), C:WinntSystem32 (WinNT/2K), or C:WindowsSystem32 (WinXP)
X	internat	internat.exe	Added by the LYDRA-F TROJAN! Note - the real internat.exe resides in %windir%system (where %windir% is the Windows directory - C:Windows or C:Winnt) whereas this version resides in %windir%
X	Internat	systray.exe	Added by the ALADINZ.P TROJAN! Note - this is not the legitimate systray.exe process. If you right-click on the real systray.exe the "Properties" reveal it to be a Microsoft file
X	Internat	msgsrv32.exe	Added by the NYRUBOT-A WORM!
X	Internat	[trojan filename]	Added by the CMJSPY-Y TROJAN!
X	Internat Conf	bootconf.exe	Homepage hijacker, redirecting to coolwwwsearch.com; see for example here
N	internat.exe	internat.exe	Microsoft language selection icon in system tray, located in the System (Win98/Me) or System32 (WinNT/2K/XP) folder
X	Internat.exe	internat.exe	Added by the NETSNAKE TROJAN! Note - the real internat.exe resides in %windir%system (Win98/Me) or %windir%System32 (WinNT/2K/XP) (where %windir% is the Windows directory - C:Windows or C:Winnt) and has a "?" icon wheras this version resides in %windir% and has a ZIP icon
X	internct	WinSocks5.exe	Added by the GRAYBIRD.F TROJAN!
X	internet	smss.exe	Added by the MIFENG-K TROJAN! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!
X	Internet	Internet.exe	Added by the PWS-CS TROJAN!
X	Internet	recruit.exe	Added by the RBOT-AJG WORM!
X	internet	[trojan filename].exe	Added by the MIFENG-D TROJAN!
X	Internet	winlogom.exe	Added by a variant of the SDBOT WORM!
X	Internet	nteusodp.exe	Added by the RBOT-GFJ WORM!
X	internet	winsas32.exe	Added by a variant of the SDBOT WORM!
X	internet	lsass.exe	Added by the DSPY-A TROJAN! Note - this is not the legitimate lsass.exe process which should not normally figure in Msconfig/Startup!
X	Internet	alm7tas.exe	Added by a variant of the RBOT WORM!
U	Internet Answering Machine	IAMNET~1.EXE	From Callwave. It offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
U	Internet Answering Machine	IAM.exe	From Callwave - offers a free utility to monitor your incoming phonecalls if you only have a single telephone line for internet access
X	Internet Application Driver	expIorer.exe	Added by the IRCBOT-WK TROJAN!
U	Internet Call Director	ICD.EXE	TELUS Internet Call Director (ICD) provides Internet users with real-time call notification while connected to the Internet
U	Internet Call Manager	ICM.EXE	Starts Internet Call Manager dialog box and/or taskbar icons at bootup. This is a subscription program from internetcallmanager.com that monitors a dialup phone line for incoming calls and handles voicemail
X	Internet Config	svchosts.exe	Added by the SDBOT TROJAN!
X	Internet Connection Wizard	stisvsq.exe	EasySearch adware
X	Internet Connection Wizard	[path to trojan]	Added by the SMUTSRCH-A TROJAN!
X	Internet Connection Wizard	stisvsq1.exe	Added by the DLOADR-AWD TROJAN!
X	Internet Content Publisher	ICP.EXE	Added by the RBOT-UD WORM!
U	Internet Disk Cleaner	CLEARH~1.EXE	"Internet Disk Cleaner from Elongsoft "protects your privacy by cleaning up all Internet tracks and past computer activities"
U	Internet Download Accelerator	ida.exe	Internet Download Accelerator download manager
X	Internet download manager service	idman.exe	Added by the RBOT-BMS WORM!
X	Internet Exploere Services	urlmon32.dll.exe	Added by the EVIAN.C WORM!
X	Internet Explore Microsoft	lEXPLORE.EXE	Added by the RBOT-AOF WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
X	Internet Explorer	iexplorer.exe	Added by the LORSIS WORM! Note - the legitimate IE (iexplore.exe) does not figure in Msconfig/Startup unless added manually and this loads from the "RunServices" key
X	Internet Explorer	IEXPLORE.EXE	Added by the RBOT-EY WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Internet Explorer	IExplorer.exe	Added by the NETHIEF-O TROJAN!
X	Internet Explorer	http.exe	Added as part of a new potential CWS infection, and part of a suite of programs that installs a web server, php, ftp server, socks, and mail server on your computer without your knowledge. These files are known to be part of an infection that transmits information about your bank accounts, passwords, and other financial information. It should be deleted immediately, you should enable your firewall, and you should contact your financial services in order to report the issue and to have your passwords changed
X	Internet Explorer	iexpiore.exe	Added by the RBOT-AZC WORM!
X	Internet Explorer Configuration	IEXPLORE.EXE	Added by the SDBOT-UL WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe) process, which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup unless you add it manually! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Internet Explorer Security	iexplore.pif	Added by the RBOT-ALQ WORM!
X	Internet Explorer Updater	lexbac.exe	Added by the DOWNLOAD TROJAN!
X	Internet Explorer Updater	iexplorer.exe	Added by the REUR.B WORM! Note - this is not the legitimate Internet Explorer (iexplore.exe)
X	Internet Firewall Layer	tsqla.exe	Added by a variant of the SPYBOT WORM!
U	Internet History Eraser	HERASER.exe	Internet History Eraser - deletes your browsing tracks
X	Internet Loader1	MSInstall61.exe	Added by the KWBOT.B WORM!
X	Internet Mail and News	msqdevl.exe	EasySearch adware
X	Internet Mail and News	[path to trojan]	Added by the SMUTSRCH-A TROJAN!
X	Internet Mail and News	msqdevl1.exe	Added by the DLOADR-AWD TROJAN!
U	Internet Optimizer	optimize.exe	Internet connection optimizer. Leave this enabled if you find it improves your connection
X	Internet Optimizer	optimize.exe	Internet Optimizer parasite, MoneyTree variant - ActiveX control used to download premium-rate dialers
X	Internet Security Service	msq32.exe	Added by the RBOT-GFP WORM!
X	Internet Security Service	msq23.exe	Added by the RBOT-GQL WORM!
X	Internet Security Service	msql23.exe	Added by the RBOT-GML WORM!
X	Internet Security Service	mysqlwin32.exe	Detected by Trend Micro as the RBOT.UX TROJAN! See here
X	Internet Send	More log.exe	Unidentfied adware
X	Internet Server	inetsrv.exe	Added by the STARTPA-EM TROJAN!
X	Internet Service	intersvc.exe	Added by the SPYBOT-DE WORM!
X	internet service	syscfg32.exe	Added by the RBOT-QS WORM!
X	internet service	ssvhost.exe	Added by a variant of the RBOT WORM!
X	internet service	svho0st98.exe	Added by the RBOT.EAT WORM!
X	Internet Services	systemdev.exe	Added by the SDBOT-PW WORM!
X	Internet Services	internet.exe	Added by the MYTOB.BT WORM!
X	Internet Services	interserv.exe	Added by the RBOT.BNT WORM!
X	Internet Services	Netsvc.exe	Added by the MYTOB.MN WORM!
X	INTERNET SERVISES	winz32.exe	Added by the KWBOT.Z WORM!
Y	Internet Sharing Server	iss_srvr.exe	Intel AnyPoint internet sharing software. Now discontinued
X	Internet Suspention	story.exe	Added by the WOOTBOT.HV WORM!
N	Internet Sweeper	Sweeper.exe	Internet Sweeper - removes unnecessart left over files after browsing the internet
U	Internet Timer	ITIMER.exe	Shareware dial-up connection call cost calculator from Ratsoft
X	Internet Washer Pro	iw.exe	Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
X	Internet.exe	Internet.exe	Added by the MAGICCALL VIRUS!
X	internet.exe	yinyin3345.vbs	Added by the YINI MACRO!
X	Internet2 Optimizer	wkfix.exe	Added by a variant of the RBOT WORM!
X	InternetExplorer2	windows.exe	Added by the SDBOT-CZP WORM!
X	InternetExplorer32	iexplore32.exe	Added by the RBOT-GRA WORM!
X	InternetShield	INTERN~1.EXE	InternetShield misleading security software - not recommended, see here
U	InternetSpy	InternetSpy.exe	Internet Spy - freeware keylogger that tracks all visited websites including the date and exact time these sites were visited. The information is stored in a file that may be accessed by the person who knows where it is saved. Remove unless you installed it yourself!
X	InternetWasherPro	iw.exe	Internet Washer manages temporary browser files, cookies, etc - a 'trial' Internet Washer Pro seems to have been widely stealth-installed around March 2003
X	INTERNET_SERVISES	winz32.exe	Added by the SDBOT.Q TROJAN!
U	InternodeUsage	mum.exe	Australian ISP's free monthly download meter
X	Internt	Internt.exe	Added by the PEEPER or CARUFAX.A TROJANS!
X	Intersoft Msngr	intersoftmsngr.exe	Added by the AGOBOT-NW WORM!
N	InterTrust Quick Start	it_cpq~1.exe	InterTrust offers something known as Digital Rights Management to control legal software download and other E-commerce related business
X	InterU	WINDRV.EXE	Added by the IRCINTER.A TROJAN!
N	Intervideo Win Cinema Manager	WinCinemaMgr.exe	WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
N	Intervideo Win Cinema Manager	WINCIN~1.EXE	WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
N	Intervideo WinCinema Manager	WinCinemaMgr.exe	WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
N	Intervideo WinCinema Manager	WINCIN~1.EXE	WinCinema Manager is needed when using the WinDVD Remote Control for WinDVD from Intervideo. Available via Start -> Programs
N	Intervideo WinScheduler	WinScheduler.exe	WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
N	Intervideo WinScheduler	SchSvr.exe	WinScheduler is installed with WinDVD Remote Control for WinDVD from Intervideo. If you want to schedule recordings from your TV tuner card, you will need it. Available via Start -> Programs
U	InterWARN	interwarn.exe	InterWARN by Storm Alert Inc. Provides customized, automated access to critical weather and civil emergency information from the US National Weather Service. Required if audio and screen crawler alerts are desired. Also available via Start -> Programs
X	Intespention	IEXPLORE.exe	Added by the FORBOT-FL WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Intmgr	Intmgr.exe	Added by the GEMA TROJAN!
X	intranet	SYS32CFG.EXE	Added by the SPYBOT-DW WORM!
X	Intranet	intranet.exe	Added by the CHIMOZ.AC TROJAN!
X	Intranet Explorer	iexplorer.exe	Added by a variant of AHENT-CAX TROJAN!
X	Intrenat	Intrenat.exe	Added by the LEMIR.E TROJAN!
N	Introducing Media Manager	SPLASHA.EXE	MS Media Manager tour. Not required
N	Introduction-Registration	??	For Compaq PC's. Should only run first time, PC Introduction & Compaq registration
X	IntruderAlert	ia99.exe	Intruder Alert '99 from Bonzi - spyware
X	IntSys1	[path to trojan]	Added by the BANLOA-ASE TROJAN!
U	Inventory Scan	LDISCN32.EXE	LANDesk Management_Suite software component
X	Ioadqm	Media Player.exe	Added by the HAWAWI WORM!
N	iobi	iobiClient.exe	iobi Home - a mail/voice service by Verizon
Y	iolo AntiVirus	ioloAV.exe	iolo AntiVirus
Y	iolo Personal Firewall	ioloFW.exe	iolo Personal Firewall
U	Iolo Task Agent	Task_Agent.exe	Iolo System Mechanic Task Agent. Scheduled maintenance
N	iolo Utility Bar	SMUtilityBar.exe	Iolo System Mechanic Utility Bar - can be launched manually
U	ioloDelayModule	delay.exe	Part of Iolo System Mechanic. Used to delay the start of an application which loads automatically as Windows loads
U	Iomega Automatic Backup	ibackup.exe	Iomega Automatic Backup - automatic backups for use with Iomega portable HDD
U	Iomega Automatic Backup 1.0.1	ibackup.exe	Iomega Automatic Backup - automatic backups for use with Iomega portable HDD
N	Iomega Backup Scheduler	dtiom98.exe	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
U	Iomega Disk Icons	IMGICON.EXE	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
U	Iomega Drive Icons	IMGICON.EXE	Displays Iomega icons in Explorer/My Computer, ejects Zip disks on shutdown and displays a special delete confirmation box when deleting files on an Iomega drive. Available via Start -> Programs. If you disable it remember to eject disks first before powering the drive down - hence the "U" recommendation. Note - FreeCell may not run with ImgIcon running
U	Iomega ImIconXP	imiconxp.exe	Iomega REV System Software - allows your Iomega REV drive to interact with the operating system via the Iomega REV UDF file system, and provides drag-and-drop file access, access and write protection, and formatting of the disks
?	Iomega QuickSync	Quicksync.exe	??
N	Iomega Startup Options	IMGSTART.EXE	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
N	Iomega Watch	IOWATCH.EXE	Used by Iomega drives. Available via Start -> Programs
N	IomegaWare	COMMANDER.EXE	Used by Iomega drives. Details of its purpose can be found here. Available via Start -> Programs
U	Iomon98.exe	Iomon98.exe	PC-Cillin 98 real time virus check. Can cause floppy disk accesses to hang
X	ioroxxo microsoft sux	system32.exe	Added by a variant of the RBOT WORM!
X	IP Packet Redirect Service	ipredirect.exe	Added by the FORBOT.SM WORM!
X	IP Stack	ipstack.exe	Added by the AGOBOT.CW WORM!
X	IP*.exe [ = random char]	IP*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	IP*32.exe [ = random char]	IP*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
N	iPalm	mon.exe	Installed with a Panasonic iPalm digital camera. Used to upload photos from the camera. If your camera is not connected (via USB port) you do not need this program loaded
X	IPC Connection	ipcconn.exe	Added by the RBOT-AEG WORM!
X	IPC Spool Manager	wnmgre.exe	Added by the SDBOT-ZC WORM!
X	IPC Spool Manager	winspec.exe	Added by the SDBOT-BLU WORM!
X	ipcfg.exe	ipcfg.exe	Adware - detected by McAfee as a variant of the ADCLICKER-BM TROJAN!
X	IPConfig	svcxnv32.exe	Added by the HACARMY.E TROJAN!
X	IPConfig	svcxnw32.exe	Added by a variant of the HACARMY.E TROJAN!
X	IpCtrl	ipcon32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	IPFW	ipwf.exe	Added by the DLOADER-YF TROJAN!
?	IPHSend	IPHSend.exe	AOL related. What does it do and is it required?
X	IPInSightLAN 0*	ipclient.exe	Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resources. * represents 1 or 2
N	IPInSightMonitor 0*	ipmon32.exe	Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. * represents 1 or 2
Y	IPinst	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
?	iPlusAgent2	iAgent2.exe	Related to iriver portable media products. What does it do and is it required?
X	ipmon.exe	ipmon.exe	Added by the RECERV or R3C.B TROJANS!
X	IpNetwork	ipnetwork.exe	Maxifiles adware
X	Ipnuker	Ipnuker.vbs	Added by the INKER.B WORM!
N	IPO3	IP Operator 2005.exe	IP Operator 2005 - found on LG Electronics Notebook. The applet makes network connections easier to view and manage than does the standard Windows Network Connections tool. The WLAN module is easy to turn on or off with the press of a single button
X	Ipod Help	[9 random letters].exe	Added by a variant of the RBOT WORM!
X	iPOD USB Driver	IPODUSB.EXE	Added by a variant of the RBOT WORM!
X	iPod USB Service	iPODService.exe	Added by a variant of the RBOT WORM! Do NOT confuse with the Apple iPod process of the same name. The legitimate iPod file will always be located in the Program FilesiPodbin folder, and is implemented as a system service, thus NOT listed in Msconfig/Startup!
U	iPodManager	iPodManager.exe	Apple iPod Management software for the iPod MP3 player. Allows updating, formating, restoring and other functions associated with iPods
?	iPodWatcher	iPodWatcher.exe	Associated with Apple's iPod MP3 player. Detects when the iPod is connected?
X	IPOT Service Drivers	compaq.exe	Added by a variant of the FUROOTKIT TROJAN!
X	IPOT Service Drivers	compaq.exe	Added by a variant of the FUROOTKIT TROJAN!
X	IPOT USB Service DRIVER	hpsebc087.exe	Added by the SDBOT-WA WORM!
X	IPOT USB Service DRV32	hpsebc08.exe	Added by the SDBOT-WH WORM!
N	IPPDetect	IPP4Detect.exe	Part of Presto! Mr.Photo - "an ideal program for creating, sharing, and manag-ing digital images and videos"
X	ipreg	ipreg.exe	Added by the ZAGABAN-H TROJAN!
?	iPrint LPT Redirector	nipplpte.exe	Related to Novell iPrint - "a printing solution that enables you to send documents to printers located throughout the Net." Is it required?
N	iPrint Tray	iprntctl.exe	Novell? iPrint - based on Novell Distributed Print Services - enables you to send documents to printers located throughout the Net
U	iProtectYou	ip.exe	iProtectYou - internet filtering/parental control and network monitoring software
X	iprun	iPY.exe	iProtectYou spyware
U	ipsecdialer	IPSECD~1.EXE	Cisco VPN Client - lets local users gain Administrator privileges on the operating system
U	ipsecdialer	ipsecdialer.exe	Cisco VPN Client - lets local users gain Administrator privileges on the operating system
Y	IPSecMon	IPSecMon.exe	Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
X	IPTable Configuration	Winipcfgs.exe	Added by a variant of the RBOT WORM!
N	iptray	iptray.exe	System Tray access to Intel Desktop Utilities - "provides you with the means to monitor system temperatures, voltages, fan speeds, and hard drive health; view detailed system information, and test your system hardware for common errors"
X	IPv6 Helper Driver	csass.exe	Added by the AGOBOT.TC WORM!
X	IPv6 STUN Service	netstun.exe	Added by a variant of the SDBOT WORM!
N	IPW	IPW.exe	Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"
N	ipw	usbipw.exe	Related to Internet Phone Wizard from Actiontec - Voice over IP (VoIP) that allows you to "make and receive free Internet calls on your regular phone" whilst "at the same time, make and receive regular (landline) calls on your phone"
X	ipwf	ipwf.exe	Added by the SCHOEBERL TROJAN!
X	IpWins	ipwins.exe	IPWins adware
X	ipxwshel	ipxwshel.exe	Added by the WAREZOV.DG WORM!
?	IQES.exe	iqes.exe	??
U	Ir41_32.ax	regsvr32.exe Ir41_32.ax	Intel® Indeo® video 4.4 Decompression Filter related. The "Ir41_32.ax" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	irassync	irasyncd.exe	IRASSync adware
X	irc session	sessionmgr.exe	Added by the SDBOT-ACE WORM!
Y	IREIKE	IreIKE.exe	Microsoft L2TP/IPSec VPN Client for Win98/Me/NT. Secure technology for making remote access virtual private network (VPN) connections across public networks such as the Internet
N	iRis Active Monitor	winmon32.exe	Iris Antivirus - discontinued, replace with good alternative
N	iRiS AntiVirus Active Monitor	WIMMUN32.exe	Iris Antivirus - discontinued, replace with good alternative
U	iRiver AutoDB	MLService.exe	Associated with the iRiver Music Manager
N	iRiver Updater	Updater.exe	Updates for the iRiver Music Manager - used with their digital music players
U	IrMon	IRMON.EXE	System Tray access to infra-red devices. Not required unless you use infra-red devices
?	IRPMonitor	itcnmon.exe	??
X	irssyncd	irssyncd.exe	SafeSurfing adware variant
X	Irwftp	[path to trojan]	Added by the BANCOS-AP TROJAN!
X	irwftp	iexplorer.exe	Added by the BANKER-AN TROJAN!
X	irwftp	ftpmon.exe	Added by the BANCBAN-BO TROJAN!
U	IrXfer	IrXfer.exe	Microsoft Infrared Transfer application
X	ir_ftp	ir_ftp.exe	Added by the IRFTP TROJAN!
X	ir_ftp	irwftp.exe	Added by the BANCOS.H TROJAN!
N	IS CfgWiz	cfgwiz.exe	Norton Internet Security configuration wizard
X	Isass	Isass.exe	Added by the FUTRO TROJAN!
X	IsassRenascimento	Issas.exe	Detected by Kaspersky as the BANKER.GAX TROJAN! See here
U	ISBMgr.exe	ISBMgr.exe	Related to Sony ISB Utility. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems
X	iscch	iscch.exe	Added by the LCPRANK-A WORM!
N	isdbdc	isdbdc.exe	For Compaq PC's. May install properties in dial-up networking when you register with an ISP
U	isDeleteMe	isDel.bat	Used by Norton Internet Security to remove certain files and directories on reboot when uninstalling their product
N	ISDN Monitor	Linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
U	ISDNwatch	IWatch.exe	FRITZ!X ISDNWatch - "dialing filter for more security and control on the ISDN PC. The PC is doubly protected against dialer programs and premium-service numbers: ISDNWatch allows the user to block calls to and from both individual numbers and whole number blocks"
X	iSecurity applet	rundll32.exe iSecurity.cpl, SecurityMonitor	Detected by Trend Micro as the DLOADER.UZO TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
U	ISHelp	help.exe	ISpy is a security risk that logs keystrokes and captures screenshots. If you didn't install this yourself uninstall it
U	iShield	iShield.exe	"GuardWare iShield blocks pornographic images when you surf the Internet on your computer using a web browser"
X	ishost.exe	ishost.exe	Added by the XJ TROJAN!
Y	ISLP2STA	ISLP2STA.EXE	A process from Cisco Systems Inc associated with Windows Update for wireless NIC drivers
X	ISMModule	ISMModule.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMModule2	ISMModule2.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMModule3	ISMModule3.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMModule4	ISMModule4.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMPack5	ISMPack5.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMPack6	ISMPack6.exe	Hyperlinks Rotator (aka ISMonitor) adware
X	ISMPack7	ISMPack7.exe	Hyperlinks Rotator (aka ISMonitor) adware
Y	ISP.COM High Speed	slipgui.exe	User interface for Slipstream - internet acceleration through compression/decompression techniques, intelligent cacheing on the server side, and real-time conversion of large/high-bandwidth images to less bulky pix. Used by popular ISPs such as IceNet, Wanadoo, Terra, OnSpeed, United Online and AOL Canada. Required if the user's account is locked in to that proxy server
X	ISPSERVICE	psycho.exe	Added by the IRCFLOOD-O TROJAN!
U	iSpyNOW	ispynow.exe	iSpyNOW - remote monitoring and surveillance software
X	Israfel	Israfel.vbs	Added by the GAGGLE.D or GAGGLE.E WORMS!
N	IsReminder	ISPopup.exe	Related to GuardWare iShield - this is the registration reminder for the trial version, so not required in startup
X	ISS	inet.exe	Meplex adware
X	issearch.exe	issearch.exe	Added by the ZLOB-QF TROJAN!
X	issEnc32Svr	issEnc32.exe	Added by a variant of the RBOT WORM!
N	ISSI EZUpdate Service	issimsvc.exe	Part of IBM Global Services - used internally by IBM for automatic updating of software and Microsoft patching
U	ISStart	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
Y	ISSVC	ISSVC.exe	Part of Norton Internet Security Suite
Y	ISS_Certtool	certtool.exe	IBM Client Security Certification Tool
X	IST Service	istsvc.exe	ISTBar adware
X	ist service uninstall	[random filename]	ISTBar parasite related
X	istinstall zazzer.exe	istinstall zazzer.exe	Unidentified adware downloader/installer
U	ISTray	pctsTray.exe	Part of Spyware Doctor anti-spyware from PC Tools
N	ISUSPM Startup	ISUSPM.exe	InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
N	ISUSScheduler	issch.exe	InstallShield Update Service Scheduler. Automatically searches for and performs any updates to the software so you're always working with the most current version
U	ISW.exe	ISW.exe	Related to Internet Security Wizard from AT&T (formerly BellSouth Premium Internet Security) alerts users about any potential security threats. It should not be uninstalled unless the user wants to completely remove all traces of AT&T Internet Security Suite
X	isxa	isxa.exe	Added by the SMALL-EIV TROJAN!
N	iSysCleaner	iSysCleaner.exe	iSysCleaner - a simple tool that searches for junk files on your computer and allows you to delete them. Simple cleaning maintenance can be done by the user
X	isystem	isystem.exe	Added by the CHORUS-A TROJAN! Searchforfree browser hijacker
X	ItalU	italfds.exe	Added by a TROJAN! See here TROJAN!
U	Itk	Itk.exe	In The Know - surveillance software that creates records of everything people do on a computer, ie, spying or monitoring depending upon how you call it
U	itk.exe	itk.exe	Insert ToggleKey by Mike Lin. ITK sounds a tone whenever you press Insert
U	iTouch	iTouch.exe	iTouch loads the iTouch configuration program for Logitech keyboards. It's needed if your keyboard has shortcut buttons and if you use them. It's also needed if your keyboard does not have the num lock, caps lock, and scroll lock lights on it and you use the on-screen displays for num lock, caps lock, and scroll lock
N	ItsDeductiblePopUp	ItsDeductible.exe	ItsDeductible from Income Dynamics. Calculates your noncash donations quickly and easily. This startup entry checks a registry entry for the next 'PopUp' date and if it is a past or current date displays a program related tip
X	ITUNES	itune.exe	Added by the RBOT-ZU WORM!
X	ITUNES	itunes.exe	Added by the OSCABOT-L WORM! Note - this file will be placed in the WindowsSystem32 or WinntSystem32 folder, and should not be confused with the (legitimate) Apple iTunes process, always located in the Program FilesiTunes folder
X	Itunes	dials.exe	Detected as Trojan-Dropper.Win32.Agent.mm by Kaspersky Anti-Virus
Y	iTunes Helper	iTunesHelper.exe	Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
X	iTunes Music	iTunesHelper32.exe	Added by a variant of the SDBOT WORM!
X	iTunesAgent	ita.exe	Added by the TACTSLAY.U TROJAN!
X	itunesff	itunesff.exe	Added by the EB adult premium dialer
Y	iTunesHelper	iTunesHelper.exe	Installed with Apple's iTunes for Windows. Uses ~3-4MB of memory and if disabled in MSCONFIG or deleted from the registry it will re-instate itself after running iTunes a few times - hence the reluctant Y recommendation
U	itype	itype.exe	Microsoft IntelliType Pro related. Allows you to map the extra function keys to any program you like. The extra keys are set to defaults such as Messenger, Mail, My Document, etc. Not required unless you want to use the extra keys
N	Iusage	netdet.exe	Internet Usage Monitor - utility to calculate the cost and time on the internet via dial-up
X	iut75	uzcx.exe	Added by the DLOADER-AXV TROJAN!
X	ivHost	taskManager.exe	Added by a variant of the SPYBOT WORM! See here
N	IVPServiceMgr	ivpsvmgr.exe	Toshiba IVP Service Manager application which appears as a red satellite dish icon in the System Tray. This is Toshiba's equivalent to the Windows Automatic Update feature as, whenever you are connected to the Internet, it will check for Windows updates and Toshiba updates
X	ivy.exe	ivy.exe	Added by the AGENT-ENZ TROJAN!
N	IW ControlCenter	iwctrl.exe	Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
U	iwctrl	iwctrl.exe	Pinnacle Systems InstantWrite enables you to use your CD-R, CD-RW and DVD-RAM drive just like a hard disk or floppy disk. You can drag and drop files, create new directories right on your CD-R, CD-RW or DVD-RAM. Maybe required if you use this feature on a regular basis
X	ixplore	ixplore.exe	Added by the SDBOT-CY TROJAN!
X	ixproxy	[path to trojan]	Added by the XORPIX-A TROJAN!
X	ixsso	ixsso.exe	Added by the AGENT.AM TROJAN! Note - example names include "XviD", "Winamp Remote", "Windows Media Player" and "Futuremark"
X	iyelejiv	yujixit.exe	Added by the SDBOT.BJK WORM!
?	IZE	N/A	??
N	j2 Tray Menu	HotTray.exe	eFax Messenger Tray Menu system tray icon for eFax Messenger Plus. Available via Start -> Programs. Disabling instructions available here
X	JA Cfg Util v2	jacfg2.exe	Added by the RBOT-AL WORM!
X	JA Config 32	Awesome32.exe	Added by a variant of the SDBOT WORM!
U	Jammer	jammer.exe	Jammer by Agnitum - "Jammer is the last word in Internet security. It combines a user-friendly interface with very sophisticated and powerful security measures that protect your Windows system while you are surfing the web"
X	Jammer2nd	Jammer2nd.exe	Added by the NETSKY.Z WORM!
X	java	remote.cmd	Added by the BANKER-EHG TROJAN!
X	Java applet	javaup.exe	Added by the SDBOT-ACF WORM!
X	Java Auto Update	ujm.exe	Added by the SDBOT-ADH WORM!
X	Java Runtime Environment	jbuild.exe	Added by the DELBOT-J WORM!
X	Java Runtime Value	runjava.exe	Added by the RBOT-DDJ WORM!
X	Java Runtimes	iexplore.exe	Added by the KILLAV.B WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in a WinntJavaJava folder
X	Java Softe	Java32.com	Detected by Kaspersky as the RBOT.ECN WORM! See here
X	Java Virtual Machine	javaw.exe	Added by a variant of the RBOT WORM!
X	Java*.exe [ = random char]	Java*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Java*32.exe [ = random char]	Java*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	java-plugin	javasctp.exe	Added by the VB.AMX TROJAN!
X	Java32 Configuration Loader	msnmesgr.exe	Added by a variant of the RBOT WORM!
X	JavaCore	JavaCore.exe	Detected by Trend Micro as the DROPPER.AIO TROJAN! See here
X	Javascript	jscript.exe	Added by the DELBOT-AD WORM!
X	JavaScript Debugging Service	JsDbgMan.exe	Added by the DERDEO.E WORM!
X	JavaScriptMsxrs	Msxrs.exe	Detected by Kaspersky as the BANLOAD.ERP TROJAN! See here
X	JavaUpdate0.07	[filename]	Added by the JUPDATE TROJAN!
X	JavaUpdateSched	jusched32.exe	Added by the CKB TROJAN!
X	JavaVM	java.exe	Added by the MYDOOM.M or MYDOOM.N or other variants of the MYDOOM WORMS! Note - not to be confused with the valid Windows "java.exe" which resides in C:WindowsSystem (Win9x/Me), C:WinntSystem32 (WinNT/2K) or C:WindowsSystem32 (WinXP) as this resides in C:Windows or C:Winnt
X	jawa32	jawa32.exe	Added by the AGENT.BG WORM!
X	Jawa322	jawa32.exe	Added by a variant of the AGENT.BG trojan
N	JB	Jiffybar.exe	"Get Paid As You surf" application
X	jcidls	[random filename]	Added by a variant of the SLAPER TROJAN!
U	Jessops Insert Detect	InsDetect.exe	Jessops Insert Detect from Jessops Picture Suite
N	Jet Detection	ADGJDet.exe	Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Y	JetAdmin Discovery Indicator	HPJETDSC.EXE	HP JetAdmin software for HP JetDirect Print Servers. HPJETDSC.EXE is the file necessary for the JetAdmin Discovery Indicator (paper airplane in the taskbar). It gets launched automatically through the registry, and remains active to control the Discovery Indicator
X	jete	yujixit.exe	Added by the SDBOT.BRT WORM!
X	jiahus	svchqs.exe	Added by the WOWPWS-AL TROJAN!
X	jijbl	ezlwy.bat	Added by the REDDW WORM!
X	jkdfj94kgdftdf	winlogan.exe	Added by the ZLOB.BZ TROJAN!
U	JMB36X Configure	JMRaidTool.exe	JMB36x series RAID configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers
U	JMB36X IDE Setup	JMInsIDE.exe	JMB36x series IDE (or Parallel ATA) configuration utility from JMicron Technology for their PCI Express to SATA II and PATA Host Controllers
U	Job-oversigt	taskmon.exe	Task Monitor (on Danish language versions of Windows) - checks the disk-access patterns of programs when they are started and stores this information in log files in the Applog folder. Task Monitor also records the number of times you use a program. Task Monitor also records the number of times you use a program. The Disk Defragmenter tool uses this information to optimize your hard disk so that programs that you use frequently are loaded faster. Not required - but can be useful. Note: for Norton Anti-Virus 2002 users, loading TaskMonitor will typically solve many, if not most, of those annoying IE scripting errors (per Symantec's Knowledgebase)
U	JobHisInit	JobHisInit.exe	Used by Ricoh network printers to enable network printing from the client
U	Jog Serve	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
U	JogServ2	JogServ2.exe	"Jog Dial" on a Sony Vaio laptop. The dial can select various functions such as control audio. Needed if you use its features
X	johkjh	srvd.exe	Added by a variant of the SLAPER TROJAN!
X	john315	srrvc.exe	Added by an unidentified WORM or TROJAN!
X	johnj315	srvc.exe	Added by variant of the MAILBOT-BI TROJAN!
X	johnj3155	srvcc.exe	Added by variant of the MAILBOT-BI TROJAN!
X	johnj3cd	srvdc.exe	Added by a variant of the SLAPER TROJAN!
X	jon315	[path to trojan]	Added by the MAILBOT-BI TROJAN!
?	jotl	millenzje.exe	??
U	JOYTECH USB Neo S Controller	JoytechNeoSTrayIcon.exe	System Tray access to Joytech Neo S PC gamepad controller software
X	jpgdiag	[path to worm]	Added by the STRATION-AN WORM!
X	Jreg	Jreg2b.exe	BroadcastPC adware variant
X	jucheck	jucheck.exe	Added by the SCRIMGE.O WORM!
X	Jufualt	winxp2.exe	Added by the SDBOT-AAB WORM!
X	Jufualt	svhost.exe	Added by the SDBOT-ADJ WORM!
N	Juno_uoltray	exec.exe	Juno ISP software - not required
N	jusched	jusched.exe	Checks with Sun's Java updates site to see if newer Java versions are available. Visit http://java.sun.com or just run the Java Plug-In Control Panel
X	jusched	[path to trojan]	Added by the BANKER-BWR TROJAN!
X	jushed32.exe	jushed32.exe	CoolWebSearch parasite variant - also detected as the BIZTEN-L TROJAN!
X	jusodl	severe.exe	Added by the QQPASS.48436 TROJAN!
U	JussDropUtility	JussDrop.exe	Related to DropShots Inc. A subscription based service for family to connect, converse and share photos and videos
X	jutsu	jutsu.exe	Added by the RBOT-LS WORM!
U	jv16 PT TempFileTool	TempTool.exe	jv16 PowerTools File Cleaner - "allows you to find obsolete and left-over temporary files"
U	jv16PT - Privacy Protector	Task.jvb	jv16 PowerTools Privacy Protector - "allows you to protect your privacy by automatically clearing out all the unwanted history items and cookies from you computer, every time you start your computer"
U	Jv16pt Network Resident	jv16pt_network.exe	jv16 PowerTools network resident program. Only needed if you are using the program's network features
X	JvcHost	jvcsvc32.exe	Added by the AGOBOT-AIU WORM!
X	jvdnlssn	fljzsshc.exe	Flingstone.com adware - and its Golden Palace Casino program
X	JVM0	JVM0.exe	Added by the BANLOA-AX TROJAN!
X	JVM0.12	[random filename]	Added by the TEADOOR-A TROJAN!
X	JVM0.14	[random filename]	Added by the TEADOOR-B TROJAN!
X	jvms.exe	jvms.exe	Added by the ORCU.B TROJAN!
X	JW Manager	jwmngr.exe	Added by the DELBOT-G WORM!
X	jxef1104	jxef1104.exe	Added by the XIPI-A WORM!
X	JXL Radio	jxl.exe	Added by the RBOT-EBE WORM!
X	jysyqm	[random filename]	ZenoSearch adware
?	Jzi16	jzi16.exe	??
X	K2ps_full.task	K2ps_full.exe	Added by the JUNTADOR.K TROJAN!
N	K6CPU.EXE	K6CPU.EXE	Authenticates CPU as K6 in system properties
X	Kadoc	[random filename].exe	Added by the STAPREW TROJAN!
U	KADxMain	KADxMain.exe	System Tray access to IntelliSonic Speech Enhancement - by Knowles Acoustics. Designed to render speech from a user selectable direction, while canceling interfering speech from other directions, thus minimizing the effects of environmental noise and eliminating acoustic echo feedback. Found on some Dell and Fujitsu Seimens laptops
X	kak	kak.hta	Added by the KAKWORM WORM!
U	Kalibump	Kalibump.exe	Used with the now unsupported Kali software for on-line gaming. This is used to automatically bump up the priority of WinProxy to GREATLY improve game speed when using a SOCKS proxy
X	kalvsys	kalv***.exe [ = random char]	EliteBar adware
X	kalvsys	kalv**32.exe [ = random char]	EliteBar adware
N	Kana Reminder	Reminder.exe	Kana Reminder is a program which can be used to set a reminder to be triggered at a specified time
U	Karen's Once-A-Day II	PTOAD.exe	"Have a job that should be run exactly once each day? Karen's Once-A-Day II is just what you need!" Scheduler that lets you specify progams, web pages and files that be run or opened automatically, the first time
U	KASP	OESpamTest.exe	Kaspersky Anti-Spam
X	Kasper Antivirus	KASPERANTIVIRUS.EXE	Added by a variant of the SPYBOT WORM!
Y	Kaspersky Anti-Hacker	KAVPF.exe	Kaspersky Anti-Hacker firewall
X	Kaspersky Antivirus	KasperskyAV.exe	Added by a variant of the RBOT WORM!
X	kaspersky32	kasperskyLabs32.exe	Added by the RBOT-GOT WORM!
X	KasperskyAv	kaspersky.exe	Added by the MIMAIL.T WORM! Note - this has nothing to do with the real Kaspersky AntiVirus
X	KasperskyAVEng	Kasperskyaveng.exe	Added by the NETSKY.V WORM!
X	KAT	KAT.vbs	Added by the SOAD-D WORM!
U	KatMouse	KatMouse.exe	KatMouse - utility to enhance the functionality of mice with a scroll wheel, offering 'universal' scrolling, etc
Y	kav	avp.exe	Kaspersky anti-virus and AOL's Active Virus Shield (by Kaspersky) - found in either a Kaspersky or AOL sub-directory
X	kava	kavo.exe	Added by the LINEAG-GLG TROJAN!
X	KAVFOX	win1ogoin.exe	Added by the GWGHOST-M TROJAN!
X	kavir	kavir.exe	Detected by Kaspersky as the ZHELATIN.XV WORM! See here
X	KAVPersonal	svchost.exe	Added by the LINEAGE-V TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
Y	KAVPersonal50	Kav.exe	Kaspersky Anti-Virus Personal 5.0
X	KAVPersonal90	wscntfy.exe	Added by the BANKER-FZ TROJAN!
Y	KavPFW	KavPFW.exe	KingSoft Personal Firewall
X	KavRuns	Windll.exe	Added by the TRYNOMA TROJAN!
Y	KavStart	KAVStart.exe	KingSoft Personal Firewall
Y	kavsvc	kavsvc.exe	Kaspersky antivirus
X	kavsvc	[random 6 char filename]	Qoologic downloader trojan variant using random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe) - do not confuse with the Kaspersky antivirus startup item, as described here
X	KavSvc	*****.exe reg_run [ = random char]	Added by the QOOLOGIC TROJAN!
X	kavsvc	[random 6 char filename]	Added by the QOOLOGIC TROJAN! Uses random file names (examples: nzkklz.exe, rzazzi.exe, ivpaan.exe)
X	KAVutil	[worm filename]	Added by the WINTOO.B WORM!
N	KAZAA	kazaa.exe	KAZAA is a file-sharing program which unfortunately being ad-based includes "Cy-door" adware. Check here for information about "Cy-door" and here for a program that can remove it
X	Kazaa Download Accelerator Updater (required)	regsvr32 kdp***.dll [ = random char]	SafeguardProtect/Veevo hijacker. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The random DLL file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Kazaa lptt01	kazaa.exe	RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name
X	Kazaa ml097e	kazaa.exe	RapidBlaster variant (in a "kazaa" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid KaZaA file sharing program which has the same executable name
X	KAZAACuf	9	Added by the KITRO.D (or ARGEN.A) WORM!
N	kazaalite	kazaalite.exe	Kazaalite is a file sharing client - not to be confused with the original Kazaa program. Unlike the original, this one does not contain any advertising or tracking mechanisms
N	KaZooM	KaZooM.Exe	KaZoom from Blue Haven Media - "add-on application that automatically speeds up the download process and finds the files you want with far more power than regular KaZaA searches"
X	kb	AUTO.txt	Added by the BRONTK-CV WORM!
Y	KB891711	KB891711.exe	Installed by the Windows KB891711 critical update, see this security bulletin - this file reportedly needs to continue running in order to patch the vulnerability, at least until a more practical solution is found. There have however been reports of fatal exception errors in systems running Windows 98, and in such a case Microsoft advises to either uninstall the patch (Add/Remove Programs) or prevent it from running at startup
Y	KB918547	KB918547.EXE	Bug-fix for a Microsoft graphics rendering engine vulnerability - see here. Windows 98/Me only
Y	KB926239	rundll32.exe apphelp.dll, ShimFlushCache	Microsoft KB926239 fix. Windows Media Player 10 may close unexpectedly on a Windows XP-based computer
U	KBD	KBD.EXE	Multimedia keyboard manager. Required if you use the multimedia keys
U	KBD	KbdStub.EXE	Key Watcher from HP - watches for Multimedia Keys on HP keyboards
U	KBD MediaCenter	MEDIACTR.EXE	Multimedia keyboard manager. Required if you use the multimedia keys
X	kbddrv32	kbddrv32.exe	Added by the CRYPTER.A TROJAN!
X	kbddrvinf	kbddrvinf.exe	Added by the CRYPTER.A TROJAN!
N	KCeasy	KCeasy.exe	KCeasy - a Windows peer-to-peer filesharing application which uses giFT as its 'back end' foundation. The networks currently supported are OpenFT and Gnutella
U	KClient	kstatus.exe	KClient Kerberos client software for Win32 systems. It provides the libraries and utilities needed to use Kerberos-based PC applications developed by Computing Services such as KWeb and NiftyTelnet
N	kdx	KHost.exe	Verisign Kontiki Delivery Management System - Windows-based client software that enables secure delivery of content to users' desktops
U	KE9801	DriBat32.exe	KE9801 multimedia keyboard driver - required if you use the multimedia keys
X	Keenvalue	Keenvalue.exe	eUniverse/KeenValue adware
U	KEMailKb	KEMailKb.EXE	Controls the buttons at the top of the Micro Innovations 650i Internet Access Keyboard. If you disable it you cannot use the buttons - like volume control or shut down
?	Kemet	kemet.exe	??
U	KeNotify	KeNotify.exe	Toshiba utility found on their laptops. This program is responsible for the Toshiba LapTop Help 'FlashCards' utility that sits at the top of the screen giving easy access to the 'F keys' alternative functions such as Lock,Power Mode,Sleep etc
U	Kerio VPN Client	kvpnclient.exe	Kerio VPN Client
X	kern64dll	[random filename]	Added by the TARNO.J TROJAN!
X	Kernal Fault Check	ntosrkl.exe	Added by a variant of the SDBOT WORM!
X	kernctl32	rundll32 kctl32.dll, initialize	Added by the AGENT.AT TROJAN!
X	Kerne0223	Kerne0223.exe	Added by the LEGMIR-ZA TROJAN!
X	Kernel	bboy.exe	Added by the MUMU.B WORM!
X	Kernel	services.exe	Added by the FOOZ-A TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	kernel	kernel.exe	Added by the MATCASH.CF TROJAN!
X	KERNEL 32	SKERNEL32.com	Added by the SEMAPI-A WORM
U	Kernel and Hardware Abstraction Layer	KHALMNPR.EXE	Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
X	Kernel Faults	ftphost.exe	Added by the RBOT.BHU WORM!
X	Kernel Loader	ntkrnl.exe	Added by the CERVIVEC.A WORM!
X	Kernel Manager	krnlmgr.exe	Added by the JUNY.A TROJAN!
X	Kernel Safe Mode	smss.exe	Added by the 78CRACK-A TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Kernel Services	service32.exe	Added by the PRX-B TROJAN!
X	kernel system daemon	ACTIVAT0R.exe	Added by the RANDEX.AW WORM!
X	kernel12.exe	kernel12.exe	Added by an unidentified WORM or TROJAN!
X	kernel32	kern32.exe	Added by the BADTRANS.A WORM!
X	Kernel32	Kernel32.exe	Added by a number of VIRUSES, WORMS and TROJANS!
X	kernel32	kernel.dli	Added by the NETDEVIL.B TROJAN!
X	Kernel32	Kernel.dll	Added by the REDLOF.M VIRUS!
X	kernel32	kernel32.dlI	Added by the NETDEVIL.15 TROJAN!
X	Kernel32	krnl32.exe	Added by the EPON WORM!
X	Kernel32	Kernel32.win	Added by the GAGGLE.D or GAGGLE.E WORMS!
X	Kernel32	kernel32s.exe	Added by the SDBOT-PU TROJAN!
X	kernel32	kernel32.dll.vbs	Added by the WEKODE-A WORM!
X	Kernel32	svchosts.exe	Added by an unidentified WORM or TROJAN!
X	kernel32dll	guardpc.exe	Added by the FORBOT-CU WORM!
X	kernel44.dll	taskkill /f /fi "PID ge 0" /im *	Added by the VBS.LIDO WORM!
X	KernelCheck	sys***.exe [ = digit]	Added by an unidentified TROJAN!
X	KernelCheck	winser.exe	Added by the TSPY_LMIR.SL TROJAN!
N	kernelfaultcheck	dumprep 0 -k	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
N	kernelfaultcheck	dumprep 0 -u	Used in connection with memory dumps - you can disable these by - right clicking on My Computer, selecting Properties and then the Advanced tab. Click on the Settings button in 'Startup and Recovery'. In the bottom pane - under 'Write debugging information' - click on the down arrow and then select 'None' - OK your way out
X	KernelFaultCheck	ptool32.exe	Added by the LEGMIR-BN TROJAN!
X	KernelFaultChk	sms.exe	Added by the DEADHAT WORM! Do not confuse with the valid "kernelfaultcheck" which runs "dumprep 0 -k" or "dumprep 0 -u"
X	Kernell	systems.exe	Added by the TARNO.C TROJAN!
X	Kernell32	Kernell.dll	Added by the DESTINY.A TROJAN!
X	KernellApps	csrss.exe	Added by the BANCBAN-AC TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	KernellApps	lexplore.exe	Added by the BANCBAN-BS TROJAN! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
X	KernellApps32	smss.exe	Added by the BANCBAN-AN TROJAN! Note - this is not the legitimate smss.exe process which should not normally figure in Msconfig/Startup!
X	KernelRuntime	[path to worm]	Added by the MYTOB-JO WORM!
X	KernelRuntime	[path to worm]	Added by the MYTOB-JO WORM!
X	Kernelw	Kernelw32.exe	Added by the INDOR.E WORM!
X	Kernel_check	wmiprvse.exe	Added by the SONEBOT-B WORM! Note - this is not the legitimate wmiprvse.exe process which is always located in the System32wbem folder and should not normally figure in Msconfig/Startup!
X	key	sysxp.exe	Added by the BEAGLE.AB WORM!
X	key	sys_xp.exe	Added by the BEAGLE.AC WORM!
X	key	winxp.exe	Added by the BEAGLE.AG WORM!
X	Key Logger	csrss.exe	Added by the BUCHON.A WORM! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the root folder - normally C:
N	Key Text	KeyText.exe	Key Text 2000 from MJMSoft Design - utility to automate repetitive keyboard tasks. Available via Start -> Programs
X	Key1	Rlid.exe	Added by the LIXY TROJAN!
?	Key2	serve.exe	??
X	key2	winlog.exe	Added by the BAGLEDI-AL TROJAN!
Y	KeyAccess	keyacc32.exe	KeyServer KeyAccess client software - "when the KeyServer program is launched, the KeyServer process becomes active so license requests from client computers can be serviced. Without KeyAccess, a keyed program cannot run, so license control is very secure"
X	Keybdcntl	keybdcntl.exe	Added by a variant of the CRYPTER.C TROJAN!
U	KeyBoard	Keyboard.exe	Labtec keyboard utility
X	keyboard	keyboard.exe [ = number]	Detected by Kaspersky as the VB.ZG TROJAN!
X	keyboard	kybrdef_7.exe	DollarRevenue adware
X	keyboard	[path to trojan]	Added by the DLOADR-AOZ TROJAN!
U	Keyboard Manager	MMKeybd.exe	Multimedia keyboard manager. Required if you use the additional keys
Y	Keyboard Preload Check	Preload.exe	Millenium Multi-Function Keyboard driver
X	keyboard_enum	keyboard_enum.exe	Added by the GP TROJAN!
U	KeyMaestro	kmaestro.exe	Multimedia keyboard manager. Required if you use the multimedia keys
U	keymap	keymap.exe	System Tray utility and background task used by games produced by Kesmai (published by Interactive Magic) and which enables you to program keys to do specific actions during the game
X	keymgrldr	rundll32 setupapi, InstallHinfSection... keymgr3.inf	CoolWebSearch Oemsyspnp parasite variant
U	KeyPatrol	KeyPatrol.exe	KeyPatrol - key logger detector using both behavioral and pattern-matching algorithms that used to be part of PestPatrol before CA's aquisition
X	keyserv	keyserv.exe	KeyThief spyware
U	Keyspan Digital Media Remote	KDMRdmn.exe	Remote control driver for Keyspan Digital Media Remote devices
U	keystroke	keystroke.exe	QuickLaunch surveillance software. Uninstall this software unless you put it there yourself
U	KeyWallet	KWallet.exe	"KeyWallet is a useful and convenient desktop utility that spares you the trouble of filling in your logins, passwords and other personal data manually"
X	kfienq	masbl.bat	Added by the KIFER TROJAN!
X	Kgjg	rnnypbw.exe	Added by the QuickLinks/Forethought adware
X	KHATARNAK Loader	KHATARNAK.exe	Added by the AUTORUN.ACO WORM!
N	khooker	khooker.exe	SiS Keyboard Daemon. System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. Can cause errors at startup and isn't required
X	Kiamat Sudah Dekat_16_04	ISASS.exe	Added by the PAHATIA.B WORM!
U	KICKMON.EXE	KICKMON.EXE	KeepItClean - utility that deletes safe to remove files, cookies, browsing history, etc. This is the scheduler - if you don't schedule clean-ups it isn't required
U	Kill Popup	KillPopup.exe	KillPopup - pop-up stopper
X	KillAndClean	KillAndClean.exe	KillAndClean spyware remover - not recommended, see here
X	kimochiz.exe	kimochiz.exe	Added by the MDROP-BB TROJAN!
N	Kinberlink	Kinberlink.exe	Kinberlink network messaging. Available via Start -> Programs
X	KIT3	hpprintqueue.exe	Added by the ADCLICK-DS TROJAN!
U	KK Loader	loadkk.exe	KeyKey XP Professional from KeyKey.com. "Monitor Instant Messages, Chats, Emails, Web Site URLs, Passwords, Computer Programs, Start Up and Shut Down time and much more completely undetected to the user."
X	KKM Service	kkm.exe	Added by the NANPY-I WORM!
X	KL AntiFunLove	flcss.exe	Added by the FUNLOVE.4099 WORM!
U	KLog	Keyspy.exe	KeyLoggPro.B keystroke logger/monitoring program - remove unless you installed it yourself!
X	klop	[path to file]	Added by the AGENT-WQ TROJAN!
X	klop	[random].tmp	Found with Trojan.Win32.StartPage.aw. Possibly a variant of the AGENT-WQ TROJAN!
U	klp	run32dll.exe	PAL PC Spy - key recorder and screen capture utility which controls and monitors everything that happens on your pc and online
U	klp	explorer.exe	ComSurveilSys keystroke logger/monitoring program - remove unless you installed it yourself! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is found in a SystemPALCSS subfolder
U	KM9801U	MMHotKey.exe	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
U	kmw_run.exe	kmw_run.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
U	kmw_show.exe	kmw_show.exe	Kensington MouseWorks - mouse/trackball software. Not required unles you use any special features
X	KnowledgeBase GUI	wppewafaj.exe	Added by the RBOT-GRZ WORM!
U	KN_PanelApp	PanelApp.exe	KnowledgePanel online survey software
N	Kodak Batch Transfer	pezdow1.exe	Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC
U	Kodak EasyShare software	EasyShare.exe	Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually
N	Kodak Picture Easy . Batch Transfer	PezDownload.exe	Part of "Kodak Picture Easy" software for digital cameras. Includes the display of an icon in the System Tray to quickly transfer photos to a PC. . represents the version
N	Kodak Picture Transfer Software	pts.exe	Looks for Kodak camera connection and media insertion. Available via Start -> Programs
N	Kodak Software Updater	backweb*****.exe	Software updater for Kodak Easyshare digital cameras
N	KODAK Software Updater	Kodak Software Updater.exe	Software updater for Kodak Easyshare digital cameras
Y	KodakCCS	KodakCCS.exe	Kodak DC File System Driver
U	Komunikator	tlen.exe	Tlen - a Polish language instant messaging client
U	KONICA MINOLTA magicolor 2400W STD	MSTMON_S.EXE	Konica Minolta Magicolor 2400W colour printer monitor
N	Konni Symbol Autostart	KonniSymbol.exe	Gives configuration access to RagTime Solo professional business publishing software. RagTime Solo is the private user version of RagTime 5
N	kontiki	kontiki.exe	Kontiki Delivery Manager - Windows-based client software that enables secure delivery of content to users' desktops
Y	KPDrv4XP	KPDrv4XP.exe	MediaKey USB Keypad Driver
Y	KPFW32.EXE	KPFW32.EXE	KingSoft Personal Firewall
Y	KPFWSvc.EXE	KPFWSvc.EXE	KingSoft Personal Firewall
X	krag	krag.exe	Added by the AGENT-FOW WORM!
U	Kraidman	Kraidman.exe	"Toshiba RAID Support is a Toshiba EasyGuard feature that uses RAID Level 1 technology to minimise downtime by protecting against data loss and ensuring quick data recovery" - for Toshiba laptops
Y	Krait	razerhid.exe	Razer Krait mouse driver
U	KREC32	krec32.exe	StarrCommander Pro Keystroke logging software
X	KRNL	Kernl32.exe	Added by the ZOMBY.B TROJAN!
X	Krnlcheck	csrss.exe	Added by the BOTNACHALA TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
U	Krnlmod	Krnlmod.exe	Keystroke logger/monitoring program - remove unless you installed it yourself!
U	Kryptel Component Start	Kicker.exe	Kryptel encryption software
X	ksrlnhm	zxatgso.exe	Added by the DLOADER-LI TROJAN!
X	Ksrv32	Ksrv32.exe	Added by the AGOBOT-PI WORM!
X	KTAX Auto Loader	ktax.exe	Added by the SDBOT-MZ WORM!
U	ktchnsnk	ktchnsnk.exe	HP program found with the Office Jet 500/600/700 series which initializes the Office Jet manager each time the computer is booted up or rebooted
Y	KTPWare	ktp.exe	Related to KTP Ware TSR Enhancements from ELANTECH
X	KV2005	word.EXE	Added by the IW TROJAN!
X	kv3000	lover.vbe	Added by the ZSYANG.B WORM!
X	kvern16.dll	regsvr32.exe kvern16.dll	DailyWinner adware. Note that regsvr32.exe is a legitimate Microsoft file used to register and unregister OLE controls and shouldn't be deleted. The "kvern16.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Kvsc3	Kvsc3.exe	Added by the PWS-ANM TROJAN!
X	KV_HOST	cxjx.exe	Added by the LEGMIR-BB TROJAN!
X	kw3eef76	rundll32.exe kw3eef76.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "kw3eef76.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	kX Mixer	kxmixer.exe	Provides Mixer and Control functionality to KxProject Audio driver for EMU10k based soundcards
U	KX509	kx509_kfwk5.exe	Kerberos Secure Authentication for Windows
?	KYE_Showicon	shwicon.exe	Card reader for memory cards from digital cameras. Is it required?
X	KYK Control Settings	KYSVCXD.EXE	Added by a variant of the RBOT WORM!
X	KYM Control Settings	phqghum.exe	Added by the RBOT.BQD WORM!
X	L0aders	faxneti.exe	Added by a variant of the SDBOT TROJAN!
X	l44sys**	freecell	Added by the VBS.LIDO WORM - where ** is a number between 1 and 12
X	l44sys**	iexplore	Added by the VBS.LIDO WORM - where ** is a number between 65 and 76
X	l44sys**	winmine	Added by the VBS.LIDO WORM - where ** is a number between 33 and 44
X	L4r1$$a	L4r1$$a.pif	Added by the ASSIRAL-C WORM!
Y	Lachesis	razerhid.exe	Razer Lachesis mouse driver
U	LaCie Backup	LaCieBackup.exe	LaCie '1-Click' backup software for their range of mobile hard drives
U	laim	aimlite.exe	"AIM Lite is a reference application for testing some new client technology developed here at AOL?, with the goal of being a simple, fun, light IM client"
X	laltin	L90112201.Stub.exe	Delfin Media Viewer adware related
X	LAN Driver	landriver32.exe	Added by the RBOT.BT WORM!
X	lanbrup	lanbrup.exe	SafeSurfing adware
U	LANDeskInventoryClient	LDIScn32.exe	LANDesk? Management Suite software component
U	LanguageMonitor	Oplmsb01.exe	OKI Printer language support monitor
?	LanguageShortcut	Language.exe	Language setting for Cyberlink's PowerDVD?
X	LanGuard	languard.exe	Adware downloader - also detected as the SECONDT-C TROJAN!
X	LanGuard	[path to trojan]	Added by the DLOADER-VO TROJAN!
X	lanmanwrk.exe	lanmanwrk.exe	Added by the AGENT.AIA TROJAN!
U	LANMessage Pro	LANMES~1.exe	LANMessage Pro - "a powerful tool for communicating with other people on your office/home network"
U	LanSpeed2	LanSpeed2.exe	Monitors any traffic that is using a LAN adapter (Ethernet or Token ring network card)
?	LanzarL2007	[path] setup.exe	??
U	LaoKey	LaoKey.exe	Lao Script for Windows (LSWin) is an extension to the Windows operating system to allow Lao language to be used with many different Windows-based applications
U	LapLink scheduler	Llsched.exe	Utility that automatically performs file transfers as unattended background operations
X	Lar	Llass.exe	Added by the INOR-A TROJAN!
X	lar	[trojan filename]	Added by the ROXY.C TROJAN!
X	LARISSA ANTI VIRUS	LARISSA_ANTI_VIRUS.exe	Added by the KLASSIR TROJAN!
?	Lasb	ewat.exe	??
X	LasErma	Ermasys32.exe	Added by the LERMA-A WORM!
X	LAsIAf32	RePEAtLD.exe	Added by the REPEATLD WORM!
X	lasse	lasse.exe	Added by the NTOS TROJAN!
Y	LASTinst	N/A	For Gilat Communications internet satellite systems. Gilat rescue (Satellite system restore). Required if you have this system. Can cause a BSOD (blue screen of death) if left out
?	Later	later.exe	??
U	LaunApp	LaunApp.exe	Part of Acer Launch Manager - programmable keys on such laptops as the TravelMate 610
?	Launcg	launcg.exe	??
U	Launch Ai Booster	OverClk.exe	ASUS Ai Booster is an application that allows you to overclock the CPU either manually or automatically without the hassle of entering the BIOS Setup
N	Launch Context 5.0	Launch.exe	Context - electronic dictionary
U	Launch LCDMon	LCDMon.exe	Logitech LCD G-Series software driver
N	Launch LCDMon	LCDMon.exe	Driver/utility for Logitech G-Series gaming keyboards and mice
U	Launch LGDCore	LGDCore.exe	Driver/utility for Logitech G-Series gaming keyboards and mice
X	Launch Norton AntiVirus 2000	jorgf.exe	Added by the RBOT-AUI WORM!
N	Launch YahooPOPs! at Windows startup	YAHOOPOPS.EXE	YahooPOPs - enables free POP3/SMTP access to Yahoo! Mail through a service on localhost that emulates the web interface. Available via Start -> Programs
U	LaunchAp	LaunchAp.exe	Programmable keys on Acer, Fujitsu and other laptops
U	LaunchApp	Alaunch.exe	Acer Launch tool utility on laptops
U	Launchboard	lnchbrd.exe	"LaunchBoard software from Darwin turns your keyboard into a remote control for the Internet and your computer! With LaunchBoard 2.0, you can customize up to 38 keys on your PC keyboard to instantly launch Web Sites, start applications, perform custom macros, handle Windows shortcuts, store passwords, and perform loads of other customizable functions"
X	Launcher	launcher.exe	Spyware component related to DownloadWare and found in Program FilesKFH
N	Launcher	relaunch.exe	Audio Applications Launcher for the Philips Rythmic Edge soundcard (the Philips Rhythmic Edge is the same as the Thunderbird PCI soundcard - see TBtray). Available via Start -> Programs
U	Launcher	launcher.exe	PC Angel recovery program from SoftThinks. Located in a "SMINST" sub-folder of the Windows or Winnt directory
?	LaunchList	LaunchList2.exe	Part of Pinnacle Studio video editing suite. What does it do and is it required?
X	Lavasoft Ad-Aware	Ad-Aware.exe	Added by the RBOT-SO WORM! Note - this is not the popular Ad-aware spware/adware removal tool
U	Lavasoft Adwatch	Ad-watch.exe	Part of Lavasoft Ad-aware Plus - realtime spyware-monitor watching your memory and registry for spyware that tries to install or change your system
X	layersldm	hostplsrvc.exe	Added by a variant of the SDBOT WORM!
X	Laz	Kernn.exe	Added by the BANCOS-LN WORM!
X	LBTWiz.exe	LBTWiz.exe	Added by the SDBOT-DHY WORM!
X	Lcass	Lcass.exe	Added by the SILLYFDC-W WORM!
U	LCD Smartie	LCDSmartie.exe	"LCD Smartie is software for Windows that you can use to show lots of different types of information on your LCD/VFD." Typically used by the PC modding community to display statistics such as CPU temp, fan/cooler speed, etc on an LCD display
U	LCDC	LCDC.exe	LCDC is an application that displays various information on your LCD or VFD screen. The number of things that LCDC can do is expandable by Plugins
Y	LCDMon	LCDMon.exe	Driver/utility for Logitech G-Series gaming keyboards and mice
Y	LCDPlayer	LCDPlyer.exe	Related to SuperAdBlocker
N	lcfep	lcfep.exe	Tivoli 'TME' System Tray icon - "'lcfep' is the program that displays statistics about the Endpoint. Apparently stopping/removing this process has no impact on the Endpoint itself which will continue to function normally"
?	LCIDConfig	lcidchng.exe	??
U	LClock	lclock.exe	LClock is a program that makes the Windows' clock look like a Windows Longhorn Clock
X	lcvga	lcvga.exe	Added by the HOSTOL-A TROJAN!
X	ld	ld.exe	CoolWebSearch Tooncomics parasite affiliate variant - redirects to fastwebfinder.com
N	LDM	backweb-8876480.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
N	LDM	ldmconf.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
N	LDM	LogitechDesktopMessenger.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
X	ldriver	ldriver.exe	Added by the CHORUS-A TROJAN! Searchforfree browser hijacker
U	LED TRAY	LEDTRAY.EXE	Installs a USB compact flash card reader or drive on start-up. The device is distributed by Microtech and is made by a company called SnapShot. Required if you want the reader to work
U	ledpointer	CNYHKey.exe	Chicony Electronics Multimedia Keyboard Hotkey Driver
N	LeechGet	LeechGet.exe	LeechGet download manager
X	leeman	leeman.exe	Added by the COSIAM-D TROJAN!
X	LEMSRV	lemsrv.exe	Added by the IRCBOT-TC TROJAN!
X	LetsSearch	LetsSearch.exe	BrowserAid/BrowserPal foistware
X	Letum	[path to worm]	Added by the LETUM.A WORM!
U	Lexmark 1200 Series	lxczbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 1200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark 2200 Series	lxbvbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 2200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark 3100 Series	lxbrbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark 4200 Series	lxbmbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 4200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark 5200 series	lxbtbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 5200 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark 5400 Series Fax Server	fm3032.exe	FaxMan integrates complete fax send and receive support into Windows applications without requiring additional fax software
X	Lexmark Print	lexmark.exe	Added by a variant of the SPYBOT WORM! See here
U	Lexmark X1100 Series	lxbkbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X1100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X5100 Series	lxbabmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X5100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X6100 Series	lxbfbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X6100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X63 Button Manager	AcBtnMgr_X63.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X63 Button Monitor	ACMonitor_X63.exe	Button monitor for the Lexmark X63 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X63.exe"
U	Lexmark X73 Button Manager	AcBtnMgr_X73.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X73 Button Monitor	ACMonitor_X73.exe	Button monitor for the Lexmark X73 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X73.exe"
U	Lexmark X74-X75	lxbbbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X74-X75 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X83 Button Manager	AcBtnMgr_X83.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X83 Button Monitor	ACMonitor_X83.exe	Button monitor for the Lexmark X83 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X83.exe"
U	Lexmark X84-X85 Button Manager	AcBtnMgr_X83-X85.exe	"Lexmark Scan & Copy Control Program" for the Lexmark X84-X85 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
U	Lexmark X84-X85 Button Monitor	ACMonitor_X85-X85.exe	Button monitor for the Lexmark X85-X85 all-in-one multifunction printer/copier/scanner. Works in conjuction with the "Lexmark Scan & Copy Control Program" button manager whose filename is "AcBtnMgr_X85-X85.exe"
N	LexmarkPrinTray	printray.exe	Lexmark Printer icon in the System Tray for quick access. Not required - uncheck via Printer configuration rather than MSCONFIG. Can also be listed as PrinTray
X	Lexmark_X79-55	lsasss.exe	Added by the ZONEBAC TROJAN!
X	lexplore	lexplore.exe	Added by the BROPIA WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
N	lexpps	lexpps.exe	For Lexmark printers. From Lexmark: "This enables bi-directional printing over a peer to peer network. If the printer is connected directly to your PC, the file is not used, (or should not be used) at all". It is known that firewalls can however alert you to "lexpps.exe" requesting server privileges
U	LexStart	lexstart.exe	Lexmark printer software may add Lexstart.exe in the startup folder to handle print commands that you send to the printer. Sometimes required for the printer to work correctly - not in the case of a Lexmark Z42 for instance
X	Lfh	Lfh.exe	Added by the ZAURGA-A TROJAN!
U	Lfsndmng	lfsndmng.exe	LightningFAX Enterprise Fax Server - "puts faxing at the fingertips of networked enterprise users. It enables rapid, secure sending and Direct-To-Desktop Delivery of mission-critical documents"
U	LGDCore	LGDCore.exe	Driver/utility for Logitech G-Series gaming keyboards and mice
X	lgm	lgm.exe	Added by the ACID-F WORM!
U	LGODDFU	fwupdate.exe	Auto firmware update program for LG Electronics CD-ROM/DVD writer
U	LgWDskTp	LgWDskTp.exe	Logitech Wireless Desktop mouse and keyboard software. There is an icon for this program on the taskbar next to the clock
N	lhttseng	rundll32.exe ..lhttseng.inf, RemoveCabinet	Left over after installation of the British English version of the Lernout & Hauspie Text To Speech (TTS) Engine
X	li-multi****	li-multi****.exe	Adult web-dialler - **** is random
X	li-rcash00001	vldial.exe	Added by the Vl TROJAN!
X	li-speed****	dlres.exe	Adult web-dialler - **** is random
X	li-thund****	li-thund****.exe	Adult web-dialler - **** is random
X	li-vita****	li-vita****.exe	Adult web-dialler - **** is random
X	li01f948	rundll32.exe li01f948.dll, EnableRunDLL32	LZIO.com adware downloader. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "li01f948.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
N	LicCrtl	runservice.exe	Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program
U	LicCtrl	rundll32.exe MMFS.DLL, Service	Part of the eLicense Copy Protection scheme employed by some software and games. When this service is not running, the eLicense wrapper is unable to extract and execute the program. Note that the "MMFS.DLL" file is located in the Winnt or Windows folder
X	License Manager	license_manager.exe	MediaPipe peer-to-peer file swapping program also reported as a hijacker
X	lich	lich.exe	Added by the QLOWZON-BN TROJAN!
U	LidPolicy	pwrschem.exe	A utility for configuring certain HP notebook models to enter Standby mode when the lid is closed only when running on battery
X	Life FireWall Update1	FireWall-Update1.exe	Added by the RBOT-ARS WORM!
?	LifeCam	LifeExp.exe	Related to Microsoft's LifeCam series of webcams. What does it do and is it required?
U	LifeChat	LifeChat.exe	Support software for Microsoft's "LifeChat" headsets - which are optimized for use with Windows Live Messenger
N	LifeDrive Manager	LifeDriveMgr.exe	Keeps the Palm LifeDrive Manager utility in the systray. Shortcut available via Start -> Programs
U	LifeDrive? Manager	LifeDriveMgrTray.exe	System Tray utility for the Palm LifeDrive Mobile Manager
N	LifeScape Media Detector	PicasaMediaDetector.exe	Media detector for Picasa's automatic photo organizer
X	lify	yujixit.exe	Added by a variant of the SDBOT WORM!
U	Lightning Download	Lightning.exe	Lightning Download download manager. Can be launched manually, but will need to start up if you want it to "catch clicks" off Internet Explorer
X	Limewire	LimeWire.exe	Added by the RBOT-AGH WORM!
N	LimeWire On Startup	LimeWire.exe	LimeWire - Peer to Peer (P2P) file-sharing client. Note - as with all P2P sharing programs they are susceptible to various forms of malware
N	LimeWire x.x	LimeWire.exe	LimeWire - Peer to Peer (P2P) file-sharing client. x.x represents the version number. Note - as with all P2P sharing programs they are susceptible to various forms of malware
X	limewirepro.exe	limewirepro.exe	Added by the IRCBOT-WA WORM!
X	Limpet	explorer16.exe	Added by the RBOT-AJD WORM!
N	Line Speed Meter V3.0	LineSpeedMeter.exe	LineSpeedMeter - detect the download and upload speed of your internet connection
U	Lingvo Launcher	Lvagent.exe	ABBYY Lingvo Electronic Dictionaries
U	LingvoTraining	Tutor.exe	ABBYY Lingvo Electronic Dictionaries
X	Linker	LinkMaker.exe	Links adware
X	links	links.exe	Added by the LOWZONE-BI TROJAN!
N	Linksts	linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
X	Linksts	linksts.exe	Tray icon which gets installed when you install the drivers for Asuscom internal ISDN modem cards (or rebadged Asuscom ISDN cards, such as MRi). This icon enables you to monitor or configure your ISDN card. Once you have configured your ISDN card correctly, you will never need to use this icon
X	Linksys Modem Drivers	linksys.exe	Added by the IRCBOT.VD WORM!
X	linkyuu	linkuyy.exe	Added by the DLOADER.MC TROJAN!
X	Linux	Linux.vbs	Added by the LOVELETTER.AS VIRUS!
U	LiquidView	lviewj.exe	"Liquid View lets you increase the legibility of the Microsoft Windows interface regardless of your display's native resolution. The software lets you increase the size of items that are hard to read on your monitor"
X	Lisa	Lisa.exe	Added by the SCOM-D premium rate adult content dialler
X	List checker 32 BIT	list32.exe	Added by the RBOT-AHO WORM!
X	Litebot	[path to trojan]	Added by the LITEBOT-A TROJAN!
N	LIU	LIU.exe	Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
N	LIU	Rubicon.exe	Logitech Internet Update. Used to update drivers/software for Logitech's Wingman, QuickCam, etc devices. Reports claim it doesn't work very well and you can manually update the files anyway
N	Live Menu	Dllcmd32.exe	eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here
X	Live Messanger	livemsgr.exe	Detected by Kaspersky as the RBOT.BXX WORM! See here
X	Live update monitor	srvany32.exe	Added by the AGOBOT.AFM WORM!
X	Live-Help	lmns.exe	Added by the RBOT-GHE WORM!
N	LiveMonitor	LMonitor.exe	MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
N	LiveNote	Livenote.exe	Asus graphics card driver live update feature
X	LiveSexCams	LiveSexCams.exe	Premium rate adult content dialler
U	LiveUpdate	LiveUpdate.exe	Web-update utility as used by various types of software - see here
X	LiveUpdate	[Windows username]05.exe	Added by the LINEAGE TROJAN!
X	LiveUpdate	smss.exe	Added by the VB.BAU TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "isas" subfolder of the Winnt or Windows folder
N	LiveUpdate	Copyer.exe	Samsung PC Studio is a Windows-based PC program package that you can use easily to manage personal data and multimedia files by connecting a Samsung Electronics Mobile phone (GSM/GPRS/UMTS) to your PC. You can launch the update manually - see the instructions here for example
X	LiveUpdate32	services.exe	Added by the VB.BAU TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "isas" subfolder of the Winnt or Windows folder
X	Livre	Dibane.bat	Added by the BANEDI VIRUS!
X	Ljx	rundll32.exe	Added by the LINEAG-ABD TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the "inf" sub-folder
X	lk3h1	[path to file]	Added by the MOSUCK-G TROJAN!
?	LLMODCL2	rundll.exe setupx.dll, InstallHinfSection ..LLMODCL2.INF	??
X	llsass	llsass.exe	Added by the PROXY-GG TROJAN! Note - this malware actually changes the default value data of the registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
N	LM Status	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
X	LMA Manager	lmamanager.exe	Added by the TILEBOT-AD WORM!
U	LManager	QtZgAcer.EXE	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
U	LManager	QtZpAcer.exe	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
U	LManager	HotkeyApp.exe	Acer Launch Manager - on Acer laptops it allows users to configure shortcut keys and to set the operating state of the WLAN module and the (optional) Bluetooth radio
U	LManager	QtaET2S.EXE	Acer Launch Manager - on Acer laptops, provides configurability for the special keys on their range of multimedia keyboards
X	lMAPl	lMAPl.exe	Added by the AGOBOT-RE WORM!
U	LMgrOSD	OSDCtrl.exe	OSD (on-screen-display) utility - part of Acer Launch Manager. Gives you control to customize the monitor to your liking...from sound, brightness, contrast, horizontal and vertical positions, phase, pixel clock, color and language
N	LMonitor	LMonitor.exe	MSI Live Update - auto-detects and suggests the latest BIOS/Driver/Utilities information
?	lmpdpsrv	lmpdpsrv.exe	Related to a Lexmark printer/scanner. Printer sharing server? Is it required?
X	lmrt	lmrt.exe	Unidentified adware
N	LMSTATUS	LMSTATUS.EXE	Xerox WorkCenter XE - language monitor status application
Y	LMSXXD	LMSXXD.exe	Driver for Xerox XD series printer/copiers
X	lmu	LMU.exe	Detected by Kaspersky as the AGENT.BG TROJAN!
X	lnternet Explorer	AMSNDMGR.EXE	Added by the KWBOT.R WORM! Note that the "l" is a lower case "L" and not an upper case "I"
X	lnternet Update	lExplore.exe	Added by the RBOT-GRH WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
X	lnwin.exe	lnwin.exe	Added by the DLOADR-ATC TROJAN!
X	load	mdm.exe	Added by the BINGHE TROJAN!
X	load	msgsr32.exe	Added by the SDBOT-QR WORM!
X	load	[path to worm]	Added by the KELVIR.AI WORM!
X	Load	MyGame.exe	Added by the LAMEYEAR-A WORM!
X	load	_Kerne1.exe	Added by the LINEAGE-AN TROJAN!
X	load	Internat.exe	Added by the WOWCRAFT TROJAN!
X	load	rundll32.exe	Added by the WOWCRAFT TROJAN!
X	load	svhost32.exe	Added by the WOWCRAFT TROJAN!
X	load	svchsot.exe	Added by the GWGHOST-O TROJAN!
X	load	explorer.exe	Added by the LINEAGE-OZ TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	load	Kerne121.exe	Added by the LINEAGE-ON TROJAN!
X	load	Kerne1211.exe	Added by the LINEAGE-DY TROJAN!
X	load	rundl132.exe	Added by the LOOKED-CK WORM!
X	load	ctftpscr32.exe	Added by the AGENT-FPN TROJAN!
X	Load	win32.exe	Added by the RUBBLE-A WORM!
X	Load Service	SvHost.exe	Added by the PESIN-D WORM!
U	LOAD WB	LOADWB.EXE	Part of Stardock's WindowBlinds custom desktop program. "WindowBlinds is the first utility of its kind. It extends Win98/NT/2K/XP to have a fully skinnable user interface. You can change the style of title bars, buttons, toolbars and much more". If you use it - keep it if not then uninstall it
X	Load-Guard	Wscript.exe LGuarg.exe.vbs	Added by the YENO.B and YENO.C WORMS! Note that wscript.exe is a legitimate Microsoft file used to launch script files and shouldn't be deleted. The "LGuarg.exe.vbs" file is located in the Winnt or Windows folder
X	LOAD32	Lorena.exe	Added by the MAPSON.C WORM!
X	load32	load32.exe	Added by the NIBU, BAMBO TROJANS and DUMARU WORM!
X	load32	l32x.exe	Added by the DUMARU.Z or DUMARU.Y or DUMARU.AD WORM!
X	load32	1111a.exe	Added by the DUMARU.AH WORM!
X	load32	swchost.exe	Added by the TURTA.A WORM!
X	load32	netda.exe	Added by the NIBU.E TROJAN!
X	load32	winldra.exe	Added by the BACKDOOR.NIBU.J or DUMARU-BI TROJANS! Note - also known as Srv.SSA-KeyLogger by Sunbelt Software which has developed a free removal tool for this keylogger
N	load=	adw30.exe	After Dark for Windows - screen saver program. Popular before screen savers were integrated into Win95
U	load=	asistat.exe	Status monitor for an NEC SuperScript printer
?	load=	cfgsys32.exe	??
U	load=	esspk.exe	Speakerphone capability through a soundcard for an ESS modem
Y	load=	hotkey.exe	Solo 5300 display driver for Win2K on some Gateway laptops
N	load=	HPWHRC.EXE	Loads the Status Window software for the HP Laserjet printers
?	load=	WPSLOAD.EXE	Windows printing system that comes with the setup for Canon BJC series on the manufacturer's disk
N	load=	vi_grm.exe	Monitor drivers for Trio2x/3x based video cards - displays control panel for quick access to display settings
?	load=	WINOSCFG.EXE	Could it be something to do with configuring Windows on a new PC from an OEM supplier?
Y	load=	wpshrc.exe	Required to prevent configuration errors on a Compaq LBP-660 and LBP-460 parallel port laser printers (and maybe others)
Y	load=	Bfrecv.exe	Bitware modem driver
X	load=	msater.exe	Added by the RETSAM TROJAN!
X	load=	shambl3r.exe	Added by the REMABL WORM!
X	load=	Spoolsv.exe	Added by the CIADOOR.B TROJAN! Note - "Spoolsv.exe" is located in the Windows or Winnt directory, and not in System32, like the legitimate Spoolsv.exe system file
?	Load=	wtfeat.exe	Associated with the Wintab Digitizer
Y	load=	AICLIENT.EXE	Asset Insight from Tangram - asset managing software. Required if an organisation is running a centrally administered asset management system
X	load=	hint.exe	Added by the ATAK WORM!
X	load=	win32exec.exe	Added by the BITTER WORM!
X	load=	a1g.exe	Added by the ATAK.B WORM!
X	load=	dapdll.exe	Added by the ATAK.E WORM!
X	load=	svhost32.exe	Added by the LINEAGE-AB TROJAN!
Y	load=	01comm32.exe	Related to Elsa CommPro (Communicate Pro) access software for Microlink modems - this software contains answering machine and fax functions, plus a terminal program, a WWW-browser launch function, Internet telephony, and address management. Required if you use those
X	load=	inetinfo.exe	Added by the PROXY-GG TROJAN!
X	load=	Kerne14.exe	Added by the LINEAGE-BA TROJAN!
X	Loadab1	explorer.exe	Added by the LINEAGE-AJ TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
Y	LoadBlackD	blackd.exe	This is the "intrusion detection system" of the BlackICE PC Protection (was Defender) firewall which loads independently of the "user interface" (BlackICE Utility)
U	LoadBtnHnd	BtnHnd.exe	Fujitsu Siemens Lifebook laptops have some buttons on the case that can be programmed to execute specified programs (like hotkeys). The buttons can also be used as a combination lock input
X	LoadDBackUp	BcTool.exe	Added by the GIBE WORM!
X	loaddll	loaddll.exe	Winvest spyware
?	LoadDvpApi9x	DVPAPI9X.exe	Part of Command AntiVirus for Windows 95/98/Me. Is it needed?
X	loader	loader.exe	Homepage hijacker, redirecting to coolwwwsearch.com. Downloader for iedll.exe
X	loader	WMPLAYER.EXE	Unknown baddie - WMPLAYER.EXE is stored in the location and uses the same name as Windows Media Player but that valid Windows program doesn't load at startup
X	loader32	sys***.exe [*** = random digit]	Added by the DOMCOM TROJAN!
X	loader32	Loader32.exe	Added by an unidentified TROJAN!
X	Loaders	HeIp.exe	Added by the SDBOT-ADB WORM!
X	loadfax	loadfax.exe	Added by the WINFLUX-C TROJAN!
X	LoadFonts	LoadFonts.vbs	Homepage hijacker that changes your homepage to an adult content site
X	LoadFonts	Tahoma.vbs	Homepage hijacker that changes your homepage to an adult content site
U	LoadFujitsuQuickTouch	QuickTouch.exe	Maps the keys on a Fujitsu Siemens Lifebook application panel to various programs and functions
X	LoadGolfCourses	LoadGolfCourses.exe	PlayMiniGolf.com foistware - stealth installed!
X	LoadHTML	rundll32.exe mshtmpre.dll, MShtmpre	Mshtmpre adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "mshtmpre.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	LoadingAgent	ZipLoader32.exe	Added by the OBLIVION TROJAN! This executable is one of the most common but there are more
X	LoadingAgent	msload32.exe	Added by the OBLIVION TROJAN! This executable is one of the most common but there are more
X	LoadManager	msload.exe	Added by the OPASERV.T WORM!
X	loadMecq0	explorer.exe	Added by the MUMUBOY.C TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
X	loadMecq3	rundll32.exe	Added by the LEGMIR-AS TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Root folder (C:), (D:), etc
X	loadMect1	explorer.exe	Added by the LINEAGE-L TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
X	loadMefs	rundll32.exe	Added by the LEGMIR-JB TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in the Windowsinf or Winntinf folder
X	loadMefs	smss32.exe	Added by the FLOOD-EL TROJAN!
N	LoadMSvcmm	msvcmm32.exe	Auto-update for Movielink - internet movie rental System Tray access
X	LoadOrderVerification	[random filename]	Added by the TRON.A TROJAN!
U	Loadout Manager	nost_LM.exe	Manager for the Belkin Nostromo n50 SpeedPad game controller - see here
X	LoadPFW	wmimgr.exe	Added by the QEDS-B WORM!
X	LoadPowerProfile	ASDAPI.EXE	Added by the CABRO TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
U	LoadPowerProfile	Rundll32.exe powrprof.dll	Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
X	LoadPowerProfile	Rundll.exe powerprof.dll	Added by the LOXOSCAM TROJAN! Note - do not confuse with the valid LoadPowerProfile entry! Notice that the infected version uses "Rundll.exe" whereas the uninfected version uses "Rundll32.exe"
X	LoadPowerProfile	rundl.exe	Added by the TOFAZZOL TROJAN! Not to be confused with the valid LoadPowerProfile entry where the command is Rundll32.exe powrprof.dll
X	LoadPowerProfile	Rundll32.exe	Added by the MIROOT WORM! Note - do not confuse with the valid LoadPowerProfile entry which has "powrprof.dll" appended to the command/data line
X	LoadPowerScheme	rundll32.exe powerprof.dll CheckPowerProfile	Ulubione adult content dialer. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted
U	LoadQM	loadqm.exe	Installed with MSN Explorer and loads the MSN Queue Manager. Required to enable the WU AutoUpdate feature. Note that disabling this can sometimes prevent internet sharing working on Win2K Pro SP2. Reports also suggest that removing it will re-enable internet access - hence the "users choice" recommendation. If you have problems leave it, otherwise I recommend you disable it
X	loads.exe	loads.exe	MediaMotor adware
X	loads.exe	medload.exe	Medload adware
X	loads.exe	suploads.exe	Added by the AGENT-BZ TROJAN!
X	LoadService	Rest In Peace	Added by the KANGAROO-A WORM!
X	LoadService	Maaf, tempatmu bukan di sin	Added by the KAGEN-A TROJAN!
X	LoadService	Virus	Added by the CAGER.A WORM!
X	LoadSIPS	rundll32.exe SIPSPI32.dll, SIPSPI32	123Mania adware. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "SIPSPI32.dll" file is found in the System folder
?	LoadWatcher	Test.exe	Reportedly part of a webcam surveillance program that's supposed to test SMTP dialling in the event of an alert? Is this correct?
X	LoadWatcher	watcher.exe	Watcher spyware
X	loadwin	winset.exe	Added by the QQPASS-I TROJAN!
X	loadwin	winsys.exe	Added by the QQPASS-J TROJAN!
X	LoadWindowsFile	[filename]	Added by the DELF.B TROJAN! where [filename] is the infected file
X	Local Area Network	OpenGL.exe	Added by a variant of the RBOT WORM!
X	Local Authority Service	lsass.exe	Added by the AMRKTMAN-C TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Local Internet Connection	LIC.exe	Added by the SDBOT-YA WORM!
X	LOCAL INTERNET WEB DRIVERS FOR WIN32	phqghume.exe	Added by a variant of the RBOT WORM!
X	Local Page	http://find.naupoint.com	Naupoint browser hijacker
X	Local runole service	srvc32.exe	Added by the SMALL-DP TROJAN!
X	Local Security Authority Servce	lssas.exe	Added by the POEBOT-T WORM!
X	Local Security Authority Service	lssas.exe	Added by the POEBOT-J WORM!
X	Local Security Authority Service	Isass.exe	Added by the LINKBOT.M WORM!
X	Local Service	Intenat.exe	Added by the NUCLEAR-J TROJAN!
X	Local Service	services.exe	Added by the P2PWORM-T WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Cursors" subfolder of the Windows or Winnt folder
X	Local-Settings-of-[User Name]	[User Name].exe	Added by the GAVGENT.A WORM!
U	LocalProxy	proxy4free.exe	"ProxyTools is a package of Perl network utilities designed mainly to assist those whose Internet access is censored, unreliable, or otherwise damaged. Uncensored access is provided to any outside service required (Usenet News, Web browsing, IRC, Socks etc.). Setup requires installation of Perl and some modules"
X	LocalSystem	svchost.exe	EHU adware. Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X	Locator Service	[filename]	Added by the AGOBOT-KY TROJAN!
U	Lock My PC	lockpc.exe	Lock My PC - a tool for quick computer locking when you leave it unattended. It shows a lock screen, disables Windows hot keys and mouse
X	logg	logo_1.exe	Added by the PWFUZZ-A WORM!
X	Logical Disk Detection	mrisvc.exe	Detected by Kaspersky as the IRCBOT.AOW TROJAN! See here
N	Logiciel de transfert d'images KODAK	pts.exe	Looks for Kodak camera connection and media insertion. Available via Start -> Programs
U	Login	winlog.exe	Salfeld Child Control - parental control software
X	login	[path to trojan]	Added by the HOTWORD-A TROJAN!
X	Login	Login.exe	Added by the BANCBAN-AH TROJAN!
X	Login	lala.exe	Added by the BUGSPR-A TROJAN!
X	Login Screen Saver	login.scr	Added by the RBOT-AVN WORM!
X	Login Service	[path to file]	Added by the MIGMAF TROJAN!
X	LoginPassport	Lgnpsp32.exe	Added by the REDIST.C WORM!
X	loginui32	loginui32.exe	Added by the LONGNU.A TROJAN!
X	Logitech	Logitech.exe	Added by the RBOT.BJH WORM!
X	Logitech Camera	Soundcane.exe	Added by the SDBOT.MUC WORM!
X	Logitech Desktop	ApPache.exe	Added by the RBOT-YP WORM!
X	Logitech Desktop	IPCONN.EXE	Added by the SDBOT-WE WORM!
X	Logitech Desktop Controller	wrcam.exe	Added by a variant of the RBOT WORM!
N	Logitech Desktop Messenger	backweb-8876480.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
N	Logitech Desktop Messenger	ldmconf.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
N	Logitech Desktop Messenger	LogitechDesktopMessenger.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
U	Logitech Hardware Abstraction Layer	Khalmnpr.exe	Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
U	Logitech Harmony Remote	HarmonyClient.exe	Logitech Harmony advanced universal remote
U	Logitech Harmony Remote Software 7	HARMON~1.EXE	Logitech Harmony Advanced Universal Remote controller software
U	Logitech SetPoint	KEM.exe	Keyboard and mouse drivers and utilities for Logitech's latest products - supersedes iTouch and MouseWare on their older products. Required if you use special features such as multimedia keys
U	Logitech SetPoint	KHALMNPR.EXE	Part of the Logitech Setpoint software for their wired and wireless mice and trackballs. Sets the Windows mouse sensitivity to minimum. The idea is that you will use the SetPoint Control Panel to adjust your mouse sensitivity. This setting is maintained separately from the Windows setting, but is combined with the Windows setting to determine the final sensitivity. For this reason, KHALMNPR sets the Windows setting to 0 so it doesn't alter the one you set in SetPoint
U	Logitech SetPoint	Setpoint.exe	Logitech SetPoint Event Manager for their range of mice and keyboards. Required if you want to use the advanced features of these devices and is located in the LogitechSetpoint sub-folder of Program Files
U	Logitech Utility	Logi_MwX.exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
N	Logitech Wakeup	lgwakeup.exe	Loads at startup and monitors the scanner. When a document is inserted in the scanner the wakeup program feeds the document a fraction of a inch into the scanner and then it launches the control center software. From the control center you can select whether to fax or copy or print the scanned documents. If you uncheck the Logitech wakeup software from the startup it no longer launches the control center or feeds the document a fraction of an inch. You can manually launch the control center software via Start ->Programs and still be able to scan images
X	Logitech Wireless	logitechwls.exe	Added by the MYTOB-BS WORM!
U	LogitechCameraAssistant	CameraAssistant.exe	Related to Logitech QuickCams and provides additional configuration options for these devices
U	LogitechCameraService(E)	ElkCtrl.exe	Related to Logitech Camera Service and provides additional configuration options for these devices
Y	LogitechCommunicationsManager	communications_helper.exe	Installed with a Logitech Quickcam Messenger and if disabled the camera will not work - at least not in the quick capture mode
N	LogitechDesktopMessenger	LogitechDesktopMessenger.exe	Installed with the software for Logitech products. Automatically checks for software upgrades AND new products, services and special offerings from Logitech
U	LogitechGalleryRepair	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
N	LogitechImageStudioTray	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
N	LogitechQuickCamRibbon	quickcam10.exe	Installed with a Logitech Quickcam Messenger. Camera's software which is non-essential. When you open it, it allows you to open the quick capture, camera settings, etc
X	Logitechs	Logitechs.exe	Added by the SDBOT.BWE WORM!
N	LogitechSoftwareUpdate	ManifestEngine.exe	Updater, part of Logitech Image Studio - installed with Logitech QuickCam cameras
U	LogitechVideoRepair	ISStart.exe	LogitechGalleryRepair/LogitechVideoRepair - part of Logitech Image Studio - installed with Logitech QuickCam cameras. Required from version 8.11 onwards if you use the software to take pictures and capture videos, not if you don't. Also not required for versions up to and including 7.30 and after version 8.30 - hence the "U" rather than "Y" recommendation
N	LogitechVideoTray	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
N	LogitechVideo[inspector]	InstallHelper.exe	Logitech QuickCam software installation helper
N	LogiTray	LogiTray.exe	Logitech Image Studio - installed with Logitech QuickCams
U	Logi_Mwx	Logi_MwX.exe	Logitech Mouseware driver. Needed to support some additional functionality of Logitech mice/trackballs such as "SmartMove". If you disable it and find you don't need it leave it disabled
U	LogMeIn GUI	LogMeInSystray.exe	RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
U	LogMeIn GUI	ragui.exe	RemotelyAnywhere is a remote administration and remote control solution for Windows. It allows access to the host computer via the network (the LAN, an intranet or the Internet) - and on the client side all you need is a web browser, a terminal emulator or a WAP-enabled phone
X	Logo	[path to trojan]	Added by the DLOADER-RH TROJAN!
U	Logon Loader	LogonLoader.exe	Logon Loader - customize boot & login screens
U	Logon Loader Random	LogonLoader.exe	Logon Loader - customize boot & login screens
X	Logon.exe	logon.exe	Added by the ZINS.A TROJAN!
X	LogonAdministrator	imoet.exe	Added by the RAHIWI.A WORM!
U	LogonStudio	logonstudio.exe	WinCustomize LogonStudio - "Allows Windows XP users to edit, change, and apply new logon screens. LogonStudio comes built with a visual editor to make it easy to create your own logons which can then be uploaded to websites to be used by others users"
X	LogService	wincalc.exe	Added by the PAPROXY TROJAN!
X	LogService	lsass.exe	Added by the IU TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	LogService	lsrss.exe	Added by the PAPROXY-D TROJAN!
U	LogWatch	logwat95.exe	Licensing patch for products installed on NT by Computer Associates such as eTrust. Detects and updates old versions of lic98.dll. Not required if you already have a newer version or the patch has been applied
X	lololol	_hideme_imhiddenlololol.exe	Added by the HIDEME-A TROJAN!
X	longos	WIWT.EXE	Added by the BANKER-CD TROJAN!
Y	Look 'n' Stop	looknstop.exe	Look 'n' Stop personal firewall
N	LookNMeet	Agent.exe	LooknMeet dating service
X	Lookup_Sys	lookupsys.exe	P04n trojan
N	Lotus Organizer EasyClip	easyclip.exe	"The Easy Clip icon automates the collection of information from sources such as e-mail to create an Organizer address, appointment, task or Notepad page." Available via Start -> Programs
N	Lotus QuickStart	smartctr.exe	Lotus central application, called SmartCenter, which runs on the Windows desktop. SmartCenter toolbar stretches across the top or, optionally, the bottom of the screen. Uses a lot of resources. Available via Start -> Programs
U	Lotus SuiteStart	suitest.exe	Puts the individual Lotus components in the system tray taskbar when you start Windows. Can be disabled via MSCONFIG -> Startup as "Lotus SuiteStart 97 Edition". All individual components available via Start -> Programs
X	LotusHlp	LotusHlp.exe	Added by the WINKO.AO WORM!
X	LowVersionSupport	[filename]	Added by the LASTRAS TROJAN!
U	LPManager	LPMGR.exe	Part of Lenovo's IBM ThinkVantage Productivity Center for - "guides you to a host of information and tools to help you set up, understand, maintain, and enhance your ThinkPad? notebook or ThinkCentre? desktop"
X	Lpr	Lpr123.exe	Added by the REMPSTEAL password stealer TROJAN!
X	Lpr123	Lpr123.exe	Added by the REMPSTEAL password stealer TROJAN!
U	LPS	Lps.exe	Local Port Scanner - "With LPS you're able to check your computer for open or listening ports"
U	LPtask	lptask.exe	Program Lock It And Protect Pro - lock and protect your folders from being opened, moved or deleted
X	LRBZ Utility 32	lrbz32.exe	Added by the AGOBOT-JQ WORM!
N	LS120 Superdisk	??	Supposed to accelerate transfer rate on LS-120, contributes to system lockups
X	LSA	wfdmgr.exe	Added by the MYTOB.C WORM!
X	LSA	lsa.exe	Added by the SDBOT-YV WORM!
X	LSA	msdn.exe	Added by an unidentified malware
X	LSA Service	LSASS.exe	Added by the AHKER.G WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!
X	lsa Services	lsa2srv.exe	Added by the TAME-C WORM!
X	LSA Shell (Export Version)	LSASS.exe	Added by several variants of the AHKER WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	LSA Shellu	lsass.exe	Detected by Symantec as the SILLYFDC WORM! See here. Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	LsaManager	lsamgr.exe	Added by the BEAGLE.DR WORM!
X	lsas	lsas.exe	Added by the BIGFAIRY-C WORM!
X	lsass	lsass.exe	Added by the RATSOU.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a DebugUserMode subfolder of the Winnt or Windows folder
X	lsass	start.bat	Added by the ZCREW TROJAN!
X	lsass	[path to lsass.exe]	Added by the ALADINZ.F TROJAN! Note - this is not the legitimate lasss.exe process which should NOT appear in Msconfig/Startup!
X	lsass	lsasrv.exe	Added by the MYDOOM.AG or MYDOOM.AS or MYDOOM.AU WORMS!
X	Lsass	woekd.exe	Added by an unidentified WORM or TROJAN!
X	lsass	elite***32.exe	EliteBar adware
X	Lsass	Lsass.exe	Added by the ALCOP-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Lsass	Lsass.exe	Added by the VOUMIT-A WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "mirc32" folder
X	LsasS	Sygate.exe	Added by the SDBOT.BCA WORM!
X	Lsass	kavmm.exe	Added by an unidentified WORM or TROJAN! NOTE - do NOT confuse with the legitimate Kaspersky antivirus module as described here. Contrary to this impostor, the legitimate file will always be located in the Kaspersky Lab folder in Program Files
X	Lsass	LSASS.EXE	Added by the PUNYA-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	LSASS 32	ISASS32.pif	Added by the ASSIRAL-C WORM!
X	LSASS Authority	lshosts32.exe	Added by the SDBOT-UY TROJAN!
X	LSASS Authority	lsvhosts.exe	Added by the SDBOT.BCE WORM!
X	LSASS Daemon	LSASSd.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	lsass service	lsass2.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	lsass16	lsass16.exe	Added by the BANKER-BXX TROJAN!
X	lsass2k Update	lsass2k.exe	Added by a variant of the RBOT WORM!
X	LSASS32	Isass32.exe	Added by the KELVIR.M WORM!
X	lsass32	lsass32.exe	Added by the LYDRA-B TROJAN!
X	lsass64BiT.exe	lsass64BiT.exe	Added by the FORBOT-CK WORM!
X	lsassig	lsassig.exe	Added by the BANCOS-EC TROJAN!
X	lsasss	lsasss.exe	Added by the GEEKMY-A TROJAN!
X	lsasss.exe	lsasss.exe	Added by the SASSER.E WORM!
Y	lsburnwatcher	lsburnwatcher.exe	HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting
Y	LSBWatcher	lsburnwatcher.exe	HP software which helps one create labels after a music CD is burned using LightScribe discs. If you want to use LightScribe labeling, do not prevent from starting
X	lsess	lsess.exe	Added by the SINNAKA.A WORM!
X	lsmass	lsmass.exe	Added by the WALLOP-B TROJAN!
X	lsmss.exe	lsmss.exe	Added by the PROXY-GG TROJAN!
U	LSPFix	LSPmonitor.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
X	lspins	igps.exe	Reported as the VB.KC TROJAN by Kapersky Anti-Virus
U	LSPmonitor	LSPmonitor.exe	eAcceleration Stop-Sign security software related. Previously not recommended, see here
X	lssass	lssas.exe	Added by the AGOBOT.RL WORM!
X	LSvr	LSvr.exe	PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here
Y	LT DAEMON	ltdaemon.exe	Acts as a data spooler for the DSL modem (similar to a cache). Do not uncheck if the DSL modem is being used
X	LTCISI	ltcisi.exe	Added by the DELBOT-AP WORM!
X	LTCISI	ltcisi.exe	Added by the DELBOT-AP WORM!
X	LTDMgr	LTDMgr.exe	PowerStrip foistware. Note - this is not the same as the video tweaking utility of the same name here
X	LTM2	MSGSRV32.EXE	Added by the LITMUS.A TROJAN! Note - MSGSRV32.EXE in this case is in a Litmus sub-directory and is not to be confused with the valid version in C:WindowsSystem
X	LTM2	MPGSRV32.EXE	Added by the LITMUS.201 TROJAN!
X	LTM2	MSGSRV320.EXE	Added by the LITMUS.C TROJAN!
X	LTM2	winupdate.exe	Added by the LITMUS.203 TROJAN!
X	LTM2	bible.exe	Added by the LITMUS.203 TROJAN!
X	LTM2	winscan.exe	Added by the LITMUS-B TROJAN!
X	LTM2	lssas.exe	Added by a variant of the LITMUS TROJAN!
X	LTM2	MSGSSV32.EXE	Added by the FC.C TROJAN!
X	LTM2	msns6	Added by the LITMUS.C TROJAN!
X	LTM2	RundlI.exe	Added by the MULTIDRP.BG TROJAN!
X	LTM2	SVCHOST32.exe	Added by the LITMUS.203B TROJAN!
X	LTM2	SVCHOST?.exe	Added by the DROPPERFL.A TROJAN!
X	LTM2	winvers16.exe	Added by the SMALL.ND TROJAN!
U	LtMoh	Ltmoh.exe	Modem On Hold utility - manages incoming/outgoing voice calls on a single phone line while being connected to the internet
Y	LTMSG	ltmsg.exe	One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
Y	Lto Manager	DesktopLtoManager.exe	Related to Global Positioning System (GPS) found on HP iPAQ hw6500 unit and others
N	LTSMMSG	LTSMMSG.exe	Lucent Tech. Soft Modem Messaging application - may be found on Fujitsu Lifebook, Acer and Sony Vaio notebooks, maybe others too
X	LTSMSG	Shell32.exe	Added by the LEMIR.B TROJAN!
X	LTT2	rundll32.exe	Added by the LINEAGE-BI TROJAN!
Y	LTWinModem1	ltmsg.exe	One of the "popular" WinModem series. WinModems use software rather than hardware - hence putting a load on the CPU. Needed if you have it for loading the drivers. See here for more WinModem information
X	ltwob	formatsys.exe	Added by the SERFLOG.A WORM!
X	ltwob	msmbw.exe	Added by the SERFLOG.A WORM!
X	ltwob	serbw.exe	Added by the SERFLOG.A WORM!
U	LUGuard	LUGuard.exe	PC-Duo Remote Control enables your help desk technicians to take instant control of any remote desktop PC at any location across the LAN, WAN or internet
X	lup	lup.exe	Added by the IRCBOT_GEN WORM!
Y	Lusetup	LUSetup.exe	Symantec LiveUpdate installer - required to install a new version of the application. Will only run once, and the entry is automatically deleted after a reboot
U	LVComs	lvcoms.exe	Lvcomm server. Related to Logitech Quick Cam - works fine without it but it is needed for the Logitech ImageStudio software to connect to the camera
N	LVCOMSX	LVCOMSX.EXE	It provides extra functionality for Logitech multimedia webcam devices. When disabled the camera still works in quick capture but you can get a slight increase in picture quality - not so snowy and the movement wasn't so jerky
U	LWBKEYBOARD	KbdAp32A.exe	Keyboard utility for a Labtec brand (and possibly others) keyboard. If you disable this entry you will not be able to use any of the keyboard hotkeys or other non-standard functions on the keyboard
U	LWBMOUSE	lwbwheel.exe	Mouse driver - required if you use non-standard Windows driver features
U	LWBMOUSE	MOUSE32A.EXE	Mouse utility for a Lenovo brand (and possibly others) mouse. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
N	Lwinst Run Profiler	lwtest.exe	Logitech Wingman Profiler for the Logitech joysticks. Available via Start -> Programs
X	lwjcjuti.exe	lwjcjuti.exe	Added by the DWNLDR-GTQ TROJAN!
Y	lxamsp32	lxamsp32.exe	Lexmark Scan and Copy Control Program for the X63 (and maybe others) printer/scanner. Required for the scanner to work
?	LXbbmgr	LXbbmgr.exe	Lexmark printer button manager? Is it required?
?	LXBLKsk	LXBLKsk.exe	Lexmark related. What does it do, and is it required?
U	lxbrbmgr	lxbrbmgr.exe	"Lexmark Scan & Copy Control Program" for the Lexmark 3100 all-in-one multifunction printer/copier/scanner. Button manager for features such as scan, scan to E-mail, copy, etc
?	LXBRKsk	LXBRKsk.exe	Lexmark printer related. What does it do and is it required?
Y	LXBSCATS	rundll32 [path] LXBStime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	LXBTCATS	rundll32 [path] LXBTtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	LXBUCATS	rundll32 [path] LXBUtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxbumon.exe	lxbumon.exe	Lexmark 6200 Series printer device monitor
Y	LXBXCATS	rundll32 [path] LXBXtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxbxmon.exe	lxbxmon.exe	Lexmark 7100 Series printer device monitor
Y	LXBYCATS	rundll32 [path] LXBYtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxbymon.exe	lxbymon.exe	Lexmark P910 Series printer device monitor
Y	LXCCCATS	rundll32 [path] LXCCtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxccmon.exe	lxccmon.exe	Lexmark 3300 Series printer device monitor
Y	LXCECATS	rundll32 [path] LXCEtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	LXCFCATS	rundll32 [path] LXCFtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	LXCGCATS	rundll32 [path] LXCGtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxcgmon.exe	lxcgmon.exe	Lexmark 2300 Series printer device monitor
Y	LXCJCATS	rundll32 [path] LXCJtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
Y	LXCQCATS	rundll32 [path] LXCQtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxcqmon.exe	lxcqmon.exe	Lexmark 9300 Series printer device monitor
Y	LXCRCATS	rundll32 [path] LXCRtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxcrmon.exe	lxcrmon.exe	Lexmark 2400 Series printer device monitor
Y	LXCTCATS	rundll32 [path] LXCTtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxctmon.exe	lxctmon.exe	Lexmark 5400 Series printer device monitor
Y	LXCYCATS	rundll32 [path] LXCYtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxcymon.exe	lxcymon.exe	Lexmark 3400 Series printer device monitor
U	lxdcamon	lxdcamon.exe	Lexmark 1300 Series printer device monitor
Y	LXDCCATS	rundll32 [path] LXDCtime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details
U	lxdcmon.exe	lxdcmon.exe	Lexmark 1300 Series printer device monitor
U	lxddamon	lxddamon.exe	Lexmark 2500 Series printer device monitor
U	lxddmon.exe	lxddmon.exe	Lexmark 2500 Series printer device monitor
U	lxdiamon	lxdiamon.exe	Lexmark 3500-4500 Series printer device monitor
Y	LXDICATS	rundll32 [path] LXDItime.dll, _RunDLLEntry@16	Resolves a timing problem where the Lexmark Communications service tries to communicate with the printer but Windows is too busy - by either delaying the start of the service or restarting if the service failed to load. See here for more details on a similar Lexmark DLL entry (LXDCtime.dll)
U	lxdimon.exe	lxdimon.exe	Lexmark 3500-4500 Series printer device monitor
U	lxdjamon	lxdjamon.exe	Lexmark 1400 Series printer device monitor
U	lxdjmon.exe	lxdjmon.exe	Lexmark 1400 Series printer device monitor
N	LXSUPMON	LXSUPMON.EXE	Lexmark printer related. The printer should work fine without it but what does it do?
?	lycosInside	Lyc_SysTray.exe	Lycos eMail related - what does it do and is it required?
U	LyraHD2TrayApp	LYRAHD2TrayApp.exe	Related to RCA Lyra MP3 Player
X	LzioMediaUpdater	LzioMediaUpdater.exe	LZIO.com adware downloader
?	M Player Post Installer	postinstallm.exe	??
X	M S DVD DirectX Dll Drivers	msxdl.exe	Added by the SDBOT-BJN WORM!
N	M-Audio Delta Taskbar Icon	DeltTray.exe	M-Audio Delta Control Panel for M-Audio brand Delta series audio cards. System Tray access to audio settings - available through Control Panel
U	M-Audio MobilePre Control Panel Launcher	MPTask.exe	Control Panel Launcher for MobilePre USB bus-powered preamp and audio interface from M-Audio
X	M-soft Office	M-soft Office.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
X	M1cr0s0ft S3rcurity	systemconfig.exe	Added by the RBOT.BKB WORM!
X	M1cr0s0ft Upd4t4zS	update32.exe	Added by the RBOT-MI WORM!
X	m32info	m32info.exe	Added by the CRYPTER.A TROJAN!
X	M3Development_WhenUSave_Installer	M3Development_WhenUSave_Installer.exe	WhenU.Save adware
N	M3Tray	m3tray.exe	Movielink - internet movie rental System Tray access
U	MAAgent	MAAgent.exe	Related to MarkAny - a solution to prevent is unauthorized distribution of information through Floppy, CD, email, etc
X	Macfee Security Patch	Mpfsheild.exe	Added by the RBOT-NP WORM!
U	Machine Debug Manager	mdm.exe	Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as MDM7. See here to disable
X	Machine Debug Manager	msdn.exe	Added by a variant of the RBOT WORM!
X	Machine Update Soft	wusas.exe	Added by an unidfentified WORM!
X	machine-debugger	WMIPRVSW.exe	Added by the AGOBOT.U WORM!
X	mackfy.exe	msms.exe	Added by the SDBOT-DID WORM!
N	MacLic	MacLic.exe	Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks
N	MacLicense	MacLic.exe	Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks
N	MacName	MacName.exe	Part of Conversions Plus from DataViz - allowing PC and MAC owners to share disks
X	Macromedia 8	Flash Player.exe	Added by the JAMBU-A WORM!
X	Macromedia Critical Updater	rarww.exe	Added by a variant of the RBOT WORM!
X	Macromedia Dreamweaver XM	macdwXM.exe	Added by the AGOBOT-RI WORM!
X	Macromedia Drive	Iexplor32.exe	Added by a variant of the RBOT WORM!
X	Macromedia Flash Update	scvhost.exe	Added by a variant of the RBOT WORM!
Y	MAD.EXE	MAD.EXE	MAD.exe is the MS Exchange 5.5 System Attendant and can also consume a large amount of resources - resolved by the latest Exchange 5.5 Service Pack. Also part of Exchange 2000 Server but does it have the same problems?. Apparently you need to leave this running but is it needed at start-up?
N	MadExe	LaunchRA.exe	Part of Dell Resolution Assistant - "a diagnostic program that allows you to contact Dell. When factory-installed by Dell, it allowed you to perform hardware and software diagnostics that provided alerts to potential problems and enabled real-time communication with Dell RA techs. You can now use RA only to contact Dell by e-mail"
U	MAFWTaskbarApp	MAFWTray.exe	Drivers for the M-Audio Firewire Audiophile - Interface
U	MagicDsk	MAGICDSK.EXE	Magic DeskTop is a small and novel utility which will allow you the option of hiding or showing your desktop icons
U	MagicKeyboard	PreMKBD.exe	Related to Samsung laptops. Provides ability to program keys to perform specific functions
U	MagicLinker3	MagicLnk.exe	ThaiSoftware Thai Dictionary
N	Magitime	Magitime.exe	Magitime - connection tracking utility which monitors online time, expense, data transfer
?	Mail.com	mcalert.exe	Mail.com - free web-mail service. Does mcalert.exe notify you when new mail has arrived?
U	MailBell	mailbell.exe	MailBell e-mail notification tool that will notify you about new messages arrived to your mailbox. Works with both POP3 mailboxes and web-mail based systems. You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
U	Mailbox Verifier	mboxvrfy.exe	Mailbox Verifier (MV) is free software that will notify you about new messages arrived to your mailbox. Only works with POP3 mailboxes (not web-mail based systems). You should be able to set your mail system to check all accounts at regular intervals anyway if you prefer (in Outlook for instance)
U	MailCleaner	MAILCLEANER.EXE	MailCleaner "protect your computer from viruses sent to your machine via the popular e-Mail reader Incredimail. In addition the program will check all incoming files downloaded by Internet Explorer, Netscape Navigator, ICQ and iMesh". Not recommended as it bundles GAIN adware. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	mailman.exe	mailman.exe	Added by the CERTIF-E TROJAN!
Y	MailScan Dispatcher	Launch.exe	MicroWorld MailScan Dispatcher splits each e-mail message into various components such as the header, body and attachment. Compressed formats (ZIP, ARJ, etc.) are scanned for viruses and cleaned
X	Mail_Check	Mail_Check.exe	Added by the PANOIL.C WORM!
U	MAIN	main.exe	SpyCop surveillance software detection - checks to see when your machine was last scanned and if it was more than a week asks if you want to scan
?	Main Executable (HP)	HP05T0R5.exe	HP (Hewlett-Packard) related. Maybe related to printers. Now - what does it do?
X	main16	main16.exe	Added by the CRYPTER.A TROJAN!
X	main32	main32.exe	Added by the CRYPTER.A TROJAN!
X	MainStart	svcmfte32.exe	Added by the STINX-A TROJAN!
X	mainviewex	mainviewex.exe	Added by the GEMA.D TROJAN!
X	main_module	drvmmx32.exe	Added by the DILA TROJAN!
X	Major Microsoft Windows Driver Boot loader	bpool.exe	Added by the MYTOB.AJ WORM!
U	Malware Sweeper	MalSwep.exe	Malware Sweeper - "Protects the user from malicious malware and monitors the sanity of the running programs"
X	Malware-Wipe	Malware-Wipe.exe	Malware remover - not recommended, see here
X	Malware-Wiped	Malware-Wiped.exe	Malware remover - not recommended, see here
X	MalwareAlarm	MalwareAlarm.exe	MalwareAlarm malware remover - not recommended, see here
X	MalwareBot	MalwareBot.exe	MalwareBot spyware remover - not recommended, see here
X	MalwareCrush	MalwareCrush.exe	MalwareCrush spyware remover - not recommended, see here
X	MalwareStopper	MalwareStopper.exe	MalwareStopper malware remover - not recommended, see here
X	MalwareWipe	MalwareWipe.exe	MalwareWipe malware remover - not recommended, see here
X	MalwareWiped	MalwareWiped.exe	MalwareWiped malware remover - not recommended, see here
X	MalwareWiper	MalwareWiper.exe	MalwareWiper malware remover - not recommended, see here
U	ManageDesk Lite	ManageDesk Lite.exe	ManageDesk Lite from Managebytes Desktop management software. Each desktop is a separate working space for you to use
X	ManageProtocolCtrl	csmsv.exe	Added by the LOOKSKY.B TROJAN!
X	manager	manager.exe	Detected by Kaspersky as the SMALL.CVT TROJAN!
U	Manager Monitor	monitor.exe	MindStorm AnalyzerPro from Secure Associates. "A security management tool for customers easy to manage report and analyze security events across heterogeneous security devices"
X	Managment Service	[random filename]	Added by the RBOT.BIS TROJAN!
N	Mania Win Restore	RESWIN.EXE	Pinball Mania for Windows from 21st Century Entertainment LTD (1995). Runs briefly at start-up then terminates. Available via Start -> Programs
X	manrotce	manrotce.exe	Added by unidentified malware
X	Mantis	[filename]	Added by the MANTIBE VIRUS!
X	MapEDC	MapEDC.exe	Added by the WaveRevenue-McBoo TROJAN!
X	MapiDrv	mpisvc.exe	Added by the MIPSIV TROJAN!
X	mapisvc32	mapisvc32.exe	Added by the KX VIRUS and also recognised by Symantec as FPAI adware
X	mark the service	xxtra32.exe	Added by the SDBOT.APP WORM!
X	Martini	pinmart.exe	Added by a variant of the SDBOT WORM!
X	Mascro soft SDK updates2	SDKrepair2.exe	Added by the SDBOT.BXM WORM!
X	maskrider	maskrider2001.vbs	Added by the SOLOW-G WORM!
N	masqform.exe	masqform.exe	PureEdge Viewer 6.0, reportedly associated with viewing and text editing US Air Force electronic forms
U	masqform.exe	masqform.exe	PureEdge Viewer - provides automation framework to manage and deploy XML forms-based processes for e-business and e-government systems. PureEdge was taken over by IBM (see here) and the product became Workplace Forms
N	Mass storage check registry	rundll32.exe MSDServ.dll, check registry	Used with a USB based smartmedia card reader
X	Master	svcghost.exe	Added by the IRCBOT.RB TROJAN!
X	Master Card Updaate 32	Mastercard32.exe	Added by a variant of the RBOT WORM!
U	Master Volume Spy	MASTERVOLUMESPY.EXE	Volume control for the Gateway Destination "DestiVu" media interface
X	MasterBoot Switch	popupkill.exe	Added by a variant of the RBOT WORM!
U	Matador	mlfbuddy.exe	MailFrontier - anti-spam application
U	Matador	mantispm.exe	MailFrontier Desktop (Matador) email spam blocker software
U	Matrix Screen Locker	matrix.exe	Matrix Screen Locker is a system tray application that allows for quick and secure PC lock when you wish. The screen does a "matrix style" scrolling characters effect when the lock is running
X	MatrixScreen	[filename]	Added by the MATRIXSCREEN TROJAN!
X	MatrixScreenSaver	mss.exe	Malware, see here
N	Matrox Color Control	hgcctl95.exe	For Matrox video cards. Quick access to changing colors
N	Matrox Control Center	mgactrl.exe	For Matrox video cards. Quick access to settings
N	Matrox Diagnostic	mgadiag.exe	For Matrox video cards. Quick access to diagnostics
N	Matrox Powerdesk	PDesk.exe	For Matrox video cards. Quick access to tweak your card to your liking
N	Matrox PowerDesk 8	Matrox.PowerDesk.exe /silent	For Matrox video cards. Quick access to tweak your card to your liking
N	Matrox PowerDesk 8	matrox.powerdesk.exe	"Matrox PowerDesk software provides extra multi-display desktop management controls"
N	Matrox QuickDesk	mgaqdesk.exe	For Matrox video cards. Quick access to tweak your card to your liking
X	MAV_check	mav_startupmon.exe	WinAntiVirus Pro 2007 misleading virus software - not recommended, see here
X	MaxAlerts	max.exe	Bonzi MaxALERT - spyware
U	MaxBackSchedule	maxbackservice.exe	Backup scheduler for the Maxtor (now Seagate) range of external hard drives - part of Maxtor Quick Start
U	MaxBlastMonitor	MaxBlastMonitor.exe	Maxblast hard drive utility for Maxtor (Seagate) drives
Y	MaxtorCombo	ComboButton.exe	Required to be able to use the Maxtor OneTouch button on your external Maxtor harddrive. It is used to start up backup software (Retrospect)
U	MaxtorOneTouch	OneTouch.exe	Maxtor OneTouch Hard Drives/OneTouch Family hard disk backup software
U	MaxtorReg	AUTOREG.EXE	Part of SYSagent - small utility for retrieving all the hardware and software information required by anyone administering a machine and/or the network it's a part of
Y	MayaPan	MayaPan.Exe	Audiotrak Maya soundcard driver
X	mb2np	[random filename]	Added by the IRCBOT.TJ WORM!
U	MBkLogOnHook	LogOnHook.exe	Related to McAfee Backup from Network Associates
U	MBM 4	MBM4.exe	Motherboard Monitor 4 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
U	MBM 5	MBM5.exe	Motherboard Monitor 5 - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
?	MBMon	Rundll32 CTMBHA.DLL, MBMon	Creative Filter AudioControlMB Module - related to the Creative Audigy line of sound cards. What does it do and is it required?
U	MBNet	mbnet.exe	MBNet (Portugal) Credit Card Processing software
U	MBProbe	mbrpobe.exe	MBProbe - only needed if you overclock your system and want to keep a check on system temperatures/voltages/etc. Available via Start -> Programs
U	mbssm32	mbssm32.exe	Reported as Micro Bill Systems foistware - but not according to the company themselves, see here
X	mbssm32	monstu.exe	Detected by AVG Antispyware as the AGENT.CNM TROJAN!
X	MC	wintrims.exe	Added by the WINTRIM TROJAN!
X	MC	MAGICON.EXE	Added by the MAGICON.A TROJAN!
X	MC	N/A	Added by the SIMCSS TROJAN!
X	MC	WINTRIM.EXE	Added by the WINTRIM_A TROJAN!
X	McAfee	McAffeAv.exe	Added by the NETSKY.AL WORM!
X	mcafee	Win32.dll.vbs	Added by the CATCHER-B WORM!
X	Mcafee Anti Scan	NortonScn.exe	Added by a variant of the RBOT WORM!
X	McAfee Antivirus	McAfeeAV.exe	Added by a variant of the RBOT WORM!
X	Mcafee Antivirus Monitoring System326	VSStatmn326.exe	Added by a variant of the SDBOT WORM!
X	Mcafee Antivirus Monitoring System32mn	VSStatmn32.exe	Added by a variant of the RBOT WORM!
X	McAfee Antivirus Protection	mcafeeAV.exe	Added by a variant of the RBOT WORM!
X	Mcafee Auto Protect	mcafeshield.exe	Added by the RBOT-UH WORM!
U	McAfee Backup	McAfeeDataBackup.exe	McAfee Backup from Networks Associates
Y	McAfee Desktop Firewall Tray	FireTray.exe	McAfee Desktop Firewall
Y	McAfee Firewall	CPD.EXE	Firewall bundled with McAfee VirusScan 6.*. Can also be listed as CPD_EXE
N	McAfee Guardian	CMGRDIAN.EXE	McAfee's QuickClean, an offline version of the one in their online Clinic. Normally run offline and not needed. Incidentally, incorporates more cleanup programs than the likes of WinOptimizer and System Mechanic
X	McAfee Online virus Scanner	avp.exe	Added by the RBOT-GCV WORM! Not to be confused with AOL's Active Virus Shield (by Kaspersky)
X	McAfee Online Virus Scanner	nzm.exe	Detected by Trend Micro as the IRCBOT.XV TROJAN! See here
N	McAfee QuickClean Imonitor	Plguni.exe	McAfee QuickClean 3.0 - removes internet clutter and unwanted programs
X	mcafee Software Intrenet	mcafee.exe	Added by the RBOT-ATR WORM! Note - this is not a valid McAfee program
X	McAfee Windows Protection	mcafee32.exe	Added by a variant of the SPYBOT WORM!
N	McAfee Winguage	??	Part of McAfee Nuts & Bolts. "WinGuage is a dynamic reporting tool that constantly monitors your use of Windows and your applications, to alert you to potential problems before they become serious". Resource hog. Available via Start -> Programs
U	McAfee.InstantUpdate.Monitor	RuLaunch.exe	Instant Updater for McAfee's VirusScan, Internet Security, Quick Clean, Uninstaller and Firewall products. In the case of VirusScan leave it enabled unless you update manually on a regular basis
Y	McAfeeFireTray	Firetray.exe	McAfee Desktop Firewall
X	McAfeeScanPlus	McAfeeScanPlus.exe	Added by the MEPCOD TROJAN! This trojan file does not belong to any McAfee Antivirus Software and is found in the Windows or Winnt folder
Y	McAfeeUpdaterUI	UpdaterUI.exe	Associated with McAfee Enterprise 7.0.0. - background process
Y	McAfeeVirusScanService	Avsynmgr.exe	From McAfee VirusScan version 5.x. Runs VirusScan System Tray (Vsstat.exe), WebScanX (Webscanx.exe), VirusScan System Scan (Vshwin32.exe) and VirusScan Console (Avconsol.exe) under one application
Y	McAfeeWebscanX	WebScanX.exe	From McAfee VirusScan up to version 4.x. Provides functionality for VShield Download Scan and Internet Filter modules. Enables internet scanning. Guards against malicious ActiveX programs, etc
X	Mcaffe Antivirus	Mcafeescn.exe	Added by a variant of the SPYBOT WORM!
X	Mcaffee	mcsheild.exe	Added by the RBOT-FDP WORM!
U	McAgentExe	mcagent.exe	From McAfee VirusScan On-line. The Agent is a red M icon that appears in the Windows system tray or Notification Area (if you're running Windows XP). If you don't see the agent icon, VirusScan Online may not be installed
Y	Mcappins.exe	mcappins.exe	Used by McAfee Virusscan to perform product updates. When updates are available the program will download and install them automatically. Recommended to leave enabled
N	MChanger	MChanger.exe	Media Changer - utility that allows you to change wallpapers, sounds, themes, etc
U	MCI USB Icon	USBIcon.exe	MCI USB software used for managing a USB card reader
N	McLogLch_exe	McLogLch.exe	Related to McAfee security suite. This is a non-essential program, but should not be disabled unless suspected to be causing problems
X	MCM3	mcm3.exe	ShopAtHome/SAHagent adware variant
?	McRegWiz	mcregwiz.exe	McAfee antivirus related. What does it do and is it required?
X	Mcrosoftr Update	Mcrosoftr.exe	Added by a variant of the RBOT WORM!
Y	McShld9x	mcshld9x.exe	Part of McAfee's Virusscan Online. Must be enabled for scanning to work
Y	MCTskShd	mctskshd.exe	Part of McAfee SecurityCenter. Runs in the background controlling critcal updates and control antivirus related actions. This program is important for the stable and secure running of your computer
U	McUpdateExe	mcupdate.exe	From McAfee VirusScan On-line. Automatically updates your virus definitions. Leave enabled unless you regularly update these definitions
Y	McVsRte	mcvsrte.exe	Part of McAfee's SecurityCenter. Must remain checked but one user reports Windows glitches with no response from McAfee as to why
Y	mcvsshld	mcvsshld.exe	McAfee VirusScan On-line. See also the McAgentExe entry
X	MCX Update	wisp.exe	Added by the RBOT-AQH WORM!
X	MCX Updte	scorti.exe	Added by the RBOT-ARP WORM!
X	MD IE Plugin	md.exe	Marketdart spyware
X	MD IE Plugin	winy.exe	Adware
N	mdac_runonce	runonce.exe	Associated with MS Data Access Components (MDAC). Sometimes left over after installation - not required. NOTE :- don't delete "runonce.exe".
N	MDDiskProtect.exe	MDDiskProtect.exe	MediaFour MacDrive for Windows - easily open, edit and save files from Mac-formatted disks, format Mac disks and burn Mac CDs and DVDs!
X	mdetect	[path to trojan]	Added by the SPABOT TROJAN!
X	Mdm	Mdm.vbs	Added by the WHITEHO VIRUS or TRAPPY WORM!
X	mdm	mdm.exe	Added by the LYDRA-F TROJAN! Note - this is not the valid Machine Debug Manager which shares the same filename
U	MDM7	mdm.exe	Used by developers for debugging. Those who have encountered it have unchecked it with no degradation in performance. May cause your computer to "hang" if you have MS Visual Studio installed and this disabled because it appears to take over error handling - hence the U recommendatioon. Can also be listed as Machine Debug Manager. See here to disable
X	Mdmdll	mdmdll.exe	Added by the CRYPTER TROJAN!
X	Mdmdll32	mdmdll32.exe	Added by a variant of the CRYPTER.C TROJAN!
X	MDN	MDNS.exe	Added by the SPYBOT.JPB WORM!
X	MDN	MDNZ.exe	Added by the RBOT.AQD WORM!
X	MDN	MDN.exe	Added by the RBOT.AOA WORM!
X	MDNS	service.exe	Detected by Symantec as a variant of the Mirar adware
X	mds.exe	mds.exe	Added by the MADS-A TROJAN!
X	MDSA Sentinel X	smss.exe	SentinelX spyware. Note - SentinelX is spyware that logs keystrokes. It also monitors and records Web sites visited and applications used. The risk can capture periodic screen shots and may be configured so as to block access to specific Web sites and chat rooms, must be manually installed. Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "MDSA Software" subfolder of the Program Files folder
X	mdwmdmsp	mdwmdmsp.exe	Adware - detected by Kaspersky as the AGENT.AM TROJAN!
N	MECA	Meca.exe	Meca cross-platform communications technology, branded messengers will connect with AOL, MSN, Yahoo!, and ICQ users
X	MedGS	MEDGS1.exe	PacerD_Media/Pacimedia.com adware
X	Media Access	MediaAccK.exe	Windupdates MEDIAPAS.A adware
X	Media Access	MediaAccK.exe	Added by the PODROP-C TROJAN!
X	Media Adapter	bitblt.exe	Added by the HANSAH-A WORM!
U	Media Card Companion Monitor	MCC Monitor.exe	Monitor for Media Card Companion from ArcSoft. "Automates the tedious processes associated with downloading and sharing files from digital cameras, card readers, and other removable media"
U	Media Codec Update Service	update.exe	Windows Essentials Codec Pack 1.0 is a collection of the most commonly needed video and audio codecs. This program allows keeps these codecs updated
X	Media Gateway	MediaGateway.exe	180Solutions adware related
X	Media Load	msn32.exe	Added by a unidentified WORM or TROJAN!
U	Media Manager Indexer	AIRSVCU.EXE	Part of MS Visual InterDev, Media Manager is an easy media file management system that works in conjunction with Windows Explorer. The Media Manager Indexer is a program that indexes all the information about your media files and puts it into a database
X	Media Pass	MediaPassK.exe	MediaPass adware
X	Media Pass	MediaPass.exe	WindUpdates MediaPass adware
X	Media Player	media.exe	Added by the FLDMEDIA-A TROJAN!
X	Media Player	wmplayer.exe	Added by the AGOBOT-BM WORM!
X	Media Player	Sysdll.exe	Added by the BANKER-BR TROJAN!
X	Media Player	Sysnet.exe	Added by the BANKER.MW WORM!
X	Media Player Update	xpsp1mfh.exe	Added by a variant of the RBOT WORM!
X	Media Plug x.1.2	msdm.exe	Added by the MULDROP.352 VIRUS!
X	Media Server	msdts.exe	Added by a variant of the IRCBOT TROJAN!
X	Media Service	msn64.exe	Added by the SPYBOT.EV WORM!
X	Media service	msnmsgxr.exe	Added by the SDBOT.TF WORM!
X	Media service	SYSTEM64.EXE	Added by the RBOT.QV WORM!
X	Media service	notpad.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Media Software UPdater	sscs.exe	Added by the RBOT-ABE WORM!
X	Media Transfer Protocals	msstc.exe	Added by a variant of the IRCBOT TROJAN!
X	Media X Services	MSNGRx.exe	Added by the RBOT.AUL WORM!
X	Media-XP-Service-Pack3	msnzx.exe	Added by the SDBOT-ACW WORM!
X	MEDIA32	[path to trojan]	Added by the PURSCAN-Z TROJAN!
N	MediaFace Integration	Sethook.exe	Fellowes Neato? cd label design software. "Launch NEATO's MediaFACE II label making software directly from the productname toolbar"
U	Mediafour Mac Volume Notifications	Macvntfy.exe	Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
U	Mediafour XPlay Tray Notification Icon	Xptryicn.exe	Mediafour Xplay - allows you to use an Apple iPod digital music player with a PC running Windows. If not used regularily start manually before connecting the iPod
U	MediaKey	MediaKey.exe	Multimedia keyboard manager. Required if you use the multimedia keys
U	MediaLifeService	MediaLifeService.exe	Related to MediaPlay Cordless Mouse from Logitech
X	MediaLoads	dw.exe	Medialoads adware
X	MediaLoads Installer	dw.exe	Medialoads adware
N	MediaMonitor	Mediam~1.exe	Installed by Smartdisk MVP CD burning software. Software will work fine without it
X	mediamotor.exe	mmups.exe	Added by the AGENT-BY TROJAN!
X	MediaPath	Proyecto1.exe	Added by the GRUEL WORM!
X	MediaPath	Root.exe	Added by the GRUEL WORM!
X	MediaPipe P2P Loader	mpp2pl.exe	MediaPipe peer-to-peer file swapping program also reported as a hijacker
X	mediapluscash.exe	mediapluscash.exe	MediaGateway adware
N	MediaRing Talk	mrtalk.exe	Media Ring Talk, voice recognition software, Resource hog. Available via Start -> Programs
X	MediaXPServicePack	mxpsp.exe	Added by the SDBOT.CDT WORM!
X	media_driver	media_driver.exe	Added by the TUPEG VIRUS! Note - this malware actually changes the default value data of the Registry "Run" key in order to force Windows to launch it at boot. Name field may be empty
X	media_manager	mediaman.exe	Mini-Player, IMESH related foistware, see here
X	media_stub	stub.exe	Mini-Player, IMESH related foistware, see here
U	MEDIC	sprtcmd.exe /P MEDIC	Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft, Inc). Identifies and automatically fixes typical problems that may occur with your high-speed internet service
X	Medichi	medichi.exe	Added by the VIRANTIX.B TROJAN!
X	Medichi2	medichi2.exe	Added by the VIRANTIX.B TROJAN!
?	MedionVFD	MdionLCM.exe	Related to Medion Display Information. What does it do and is it required?
X	Meeting Connection	comsutil.exe	Added by the PPDOOR-E TROJAN!
X	Meeting Connection	wowdache.exe	Added by the PPDOOR-D TROJAN!
X	Meeting Connection	hgakdl32.exe	Looks like a variant of the PPDOOR-E TROJAN!
U	MegaPanel	HSTrans.exe	Homescan Internet Transporter - part of ACNielson Homescan. Recognizes when the ACNielsen Homescan Scanner is attached to the computer and allows it to transmit scanner information to ACNielsen
?	meidntpa	vqgdpfrs.exe	??
X	melg34	mdmd.exe	Added by an unidentified WORM or TROJAN - see here
X	melg3445	mdmdd.exe	Added by a variant of the RBOT WORM!
X	mem32	mem32.exe	Added by the AGENT-FWF WORM!
X	Members area	*****.exe [ = random digit]	Premium rate adult content dialer
X	MemConfig	SetupIE.com	Added by the TAPLAK WORM!
N	Memento	Memento.exe	Memento - simple app to keep text notes on your desktop
U	MemMonster	memmnstr.exe	MemMonster - memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	MemoKit	MK.EXE	Memory optimizer. It loads from startup group and it goes off as soon as the program (memokit.exe) is loaded in the System Tray. Mk.exe does not run while the memokit.exe is running. Probably loads a flash screen at startup and shutdown that stays on screen less than 5 seconds and gives you a button to push to purchase the full version. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
X	memory	outlookrem.exe	Added by the NOPIR.C WORM!
X	Memory Allocation Host	cihost.exe	Detected by Avast as a variant of the IRCBOT-CHZ WORM!
X	Memory Allocation Server	ciserv.exe	Added by an unidentified malware
X	Memory Allocation Services	cisrv.exe	Detected by Trend Micro as the IRCBOT.FC TROJAN! See here
X	Memory Check	memore.exe	Added by the KILLAV.C TROJAN!
X	Memory manager	himem32.exe	Added by the MANCSYN TROJAN!
X	Memory Manager	memorymanager.pif	Added by the DELF-JJ TROJAN!
X	Memory relocation service	reloc32.exe	Added by the RELFEERWORM!
X	Memory Service	freememory.exe	Added by the RBOT.GEN WORM!
N	Memory Stick Monitor	MSTAT.exe	Used with the Sony floppy disk adapter for memory sticks, showing if there is a stick in the computer
U	Memory Stick Monitor	MSstat.exe	Sony/SmartDisk memorystick-floppydisk-adapter software - allows you to read memorysticks in a normal floppydrive
X	Memory Watcher	MemoryWatcher.exe	MemoryWatcher spyware
U	Memory+	tfimemsr.exe	Memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
U	MemoryBoost	MemoryBoost.exe	MemoryBoost - memory optimizing program made by Tenebril Inc. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/ME. See this article and make up your own mind
U	MemoryCardManager	MemCard.exe	Memory Card Manager - for removable memory cards found on Dell or Lexmark photo printers
X	MemoryManager	[random name].dll	Virtumondo adware related
X	MemoryMeter	MemoryMeter.exe	Autoinstalling spyware by Total Velocity
U	MemoryZipperPlus	memzip.exe	Memory Zipper Plus - "optimizes the memory management of your system and boost-up its performance amazingly!"
X	memreader.exe	memreader.exe	Added by the AGOBOT-TY WORM!
X	MEMreaload	MEMreaload.exe	Added by the LAZAR TROJAN!
X	MemScanner	MemScanner.exe	Part of Enigma SpyHunter - not recommended, see note
U	MemTurbo	memturbo.exe	MemTurbo memory optimizer. MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
N	MenuSnap	MenuSnap.exe	MenuSnap from Rietta Solutions. Utility that re-orders your Start Menu items alphabetically. You may not want this utility if you're able to do this manually by selecting Start -> Programs and right-clicking and choosing "Sort by Name" if availabe
N	Mercora	MercoraClient.exe	Mercora MusicSearch "Search, find and listen to music on the world's largest jukebox, built by people just like you". Note - if you subscribe make sure you read the Privacy Policy
X	Message Queuing	msmqs.exe	Added by the FREEFORS TROJAN!
N	MessagerStarter Freeserve	StartMessager.exe	Freeserve Messenger
U	Message_Blocker	messageblock.exe	Message Blocker - "prevents Outlook Express from loading images or other content from the internet without confirmation, as well as executing scripts when displaying a formatted email message"
X	Messanger	trillian.exe	Added by the RBOT.CKI WORM!
X	Messanger	deamon.exe	Added by the TACTSLAY.C TROJAN!
X	Messanger	msgaol.exe	Added by the TACTSLAY.C TROJAN!
Y	Messanger	s_menu.exe	Added by the TACTSLAY.C TROJAN!
X	Messanger	browse.exe	Added by the TACTSLAY.C TROJAN!
X	Messenger	messenger.exe	Added by the KUTEX TROJAN!
X	Messenger	ntsubsys.exe	Added by the SDBOT.BGE WORM!
X	Messenger	Wmsngr.exe	Added by a variant of the RBOT WORM!
Y	Messenger	SCANMSG.EXE	AntiVirus Quick Heal - virus protection
X	Messenger Block	msngrblock.exe	Added by the PATOO WORM!
X	Messenger Journel	usnsvc.exe	Detected by Trend Micro as the RBOT.FKT WORM! See here
X	Messenger Protocol	netsender.exe	Added by the SDBOT-ACC WORM!
X	Messenger Service	msmsgs.exe	Added by the SDBOT-ZB WORM!
X	Messenger Service	nvhost.exe	Added by the JLOK-A WORM!
X	Messenger Service Updater	svshost.exe	Added by the MYTOB.GC WORM!
X	Messenger Sharing Control	mnwsvc.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Messenger start-up	Msgran.exe	Added by the GRAMOS WORM!
X	Messenger6	command.pif	Added by the INZAE.B WORM!
U	MessengerDiscovery	MessengerDiscovery.exe	MessengerDiscovery is a MSN Messenger add-on - adding over 70 new features. Now superseeded by MessengerDiscovery Live - with support added for Windows Live
N	MessengerPlus	MsgPlus.exe	MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
N	MessengerPlus2	MsgPlus.exe	MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
N	MessengerPlus3	MsgPlus.exe	MessengerPlus - third party MSN Messenger extension that adds a number of useful features. Bundles the hard to remove C2Media LOP adware. The software does offer you a choice during setup - make sure to install MessengerPlus WITHOUT that "sponsor program"!
X	messengerskinner	MessengerSkinner.exe	Messenger Skinner malware - uses a rootkit to hide executable files
X	messnger	[worm filename]	Added by the DELODER WORM!
X	messnger	Dvldr32.exe	Added by the DELODER.A WORM!
N	Metacafe	MetacafeAgent.exe	Metacafe - video sharing on the web. Note - if you subscribe make sure you read the Privacy Policy
X	MeTaLRoCk (irc.musirc.com) has sex with printers	metalrock-is-gay.exe	Added by the RANDEX.Q WORM!
X	MeuPrograma	accwizz.exe	Added by the RULAND.A WORM!
X	Mfc*.exe [ = random char]	Mfc*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Mfc*32.exe [ = random char]	Mfc*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
?	mfgboot	??	??
X	mFilter	MNeck.exe	Added by the CLICKER-AG TROJAN!
X	mfin32	mfin32.exe	MyFreeInternetUpdate - adware downloader
Y	MFP Server Agent	MFPAgent.exe	Multi Function Printer (MFP) Server Agent for Belkin's Wirless G All-in-One Print Server and ZyXEL's NPS-520
?	MGA Hook	Mgahook.exe	MATROX Graphics card related. What does it do and is it required?
N	MGA Quickdesk	MGAQDESK.EXE	For Matrox video cards. Quick access to tweak your card to your liking
U	Mgabg	Mgabg.exe	Matrox BIOS Guard - monitors a Matrox card's BIOS, and will reflash it when needed. Cards like the G400 have a nasty habit of losing their BIOS, especially on poor power supplies. If you make an emergency BIOS disk with the utility in their BIOS package, you can disable Mgabg.exe and just use the crash disk if/when needed
Y	mgavctrl	mgavrtcl.exe	McAfee's Virus Scan Online
Y	mgavctrl	mgavrte.exe	McAfee's Virus Scan Online
Y	mgavrtclexe	mgavrtcl.exe	McAfee's Virus Scan Online
Y	mgavrtclexe	mgavrte.exe	McAfee's Virus Scan Online
N	MGA_CD_Install	mgasetup.exe	Matrox Millennium video driver. Not required once drivers installed
X	mgmtapi	mgmtapi.exe	Unidentified malware
X	MHDOGStart	mhdogst.EXE	Added by an unidentified VIRUS, WORM or TROJAN! A possibility is a trojan known as PENIS
N	MHINIT	MHINIT.EXE	Part of the Cybermedia Clean Sweep package
X	mhs3	mhs3.exe	Added by the PWS-ALZ TROJAN!
X	Mi7sft sdce	b0yz.exe	Added by the RBOT.CWG WORM!
X	Mi7sft sdce	MNSQ.exe	Added by the RBOT.DMU WORM!
X	Mi7sft sdce	scorti.exe	Added by the RBOT.ELC WORM!
X	Mickey Mouse Cereal	[random filename].exe	Added by the RANKY.Q TROJAN!
X	Micosoft Data Core	runservice.exe	Added by the IRCBOT.BK WORM!
X	Micosoft Data Core stuff	svshosts.exe	Added by the RBOT.FZA WORM!
X	Micr Update	soundblaster.exe	Added by the SDBOT.NP WORM!
X	Micr Update System	upwin.exe	Added by the SDBOT.YS WORM!
X	Micr0s0ft Ms D0s	msdx.exe	Added by the RBOT-AON WORM!
X	Micr0s0ft Upd4t4z	svchost32.exe	Added by the RBOT.ALF WORM!
X	Micrcoft Exploerer	spoolsal.exe	Added by the RBOT-AKK WORM!
X	Micrcoft Exploerer	svchose.exe	Added by the RBOT-ASL WORM!
X	Micrcoft Updat	spoolsae.exe	Added by the RBOT-AIB WORM!
X	Micrcoft Updat	spoolsaex.exe	Added by the RBOT-AJM WORM!
X	Micrcoft Updat	Internet.exe	Added by the RBOT-ANA WORM!
X	Micrcsoft Certificate Services	cflmon.exe	Added by the RBOT-FWV WORM!
X	Micro CRC Protocol	scrc32.exe	Added by a variant of the SDBOT WORM!
X	Micro Office	[path to trojan]	Added by the BANCBAN-QC TROJAN!
X	Micro Process	appconf.exe	Added by an unidentified WORM or TROJAN!
X	Micro Update	dailin.exe	Added by the RBOT-ER WORM!
N	Microangelo Desktop	Muamgr.exe	Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
N	microAttuneDownload	atmdlusr.exe	Application Launcher, MS Office application. USR (US Robotics) modem auto updater. May be a sub-set of Attune
U	MicroBrew	MicroBrew2.exe	Related to Bluebeam PDF printer support. Prints AutoCAD .dwgs to PDF's
X	MicroCQ0	explorer.exe	Added by the LINEAGE-AK TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the Program Files folder
U	MicroDialler	atdialler1.exe	Part of the Freeserve Connection Kit - changes the dial-up for Freeserve AnyTime if access problems are encountered
X	MicroedSoft Toolbar	Smoked.exe	Added by the RBOT-ALN WORM!
X	Microfinder lptt01	mcf.exe	RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Microfinder ml097e	mcf.exe	RapidBlaster variant (in a "mcf" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here
X	Microfot Update	winldx32.exe	Added by a variant of the RBOT WORM!
X	Microft Exploerer	spoolsac.exe	Added by the RBOT-AMD WORM!
X	Microft Update 32	winssx.exe	Added by the RBOT-AQS WORM!
X	MicroLoad	[random filename]	Added by the DARBY WORM!
X	Micromedia Flash Update	wdfmrg.exe	Added by a variant of the SDBOT WORM!
X	Micromedia Flash Update	xptxt.exe	Added by the RBOT-GAB WORM!
X	Microoft Timing	pupdate.exe	Added by a variant of the RBOT WORM!
X	MICROSFT ANTIVIRUS UPDATE SUPPORT	[random 10-letter filename].EXE	Added by the RBOT-AQA WORM!
X	MICROSFT ANTIVIRUS UPDATE SUPPORT	MSGUPDATED.EXE	Added by the RBOT-APZ WORM!
X	Microsft Conf 32	msaconf.exe	Added by the RBOT.EYA WORM!
X	Microsft Confige 32	msaconfigurez.exe	Added by the RBOT.CLC WORM!
X	Microsft Corporation Version 2001.12.4414	comrel.exe	Added by a variant of the SDBOT TROJAN!
X	Microsft Corporation Version 2002.12.2414	comserv.exe	Added by a variant of the SLAPER TROJAN!
X	MICROSFT MX UPDATE SUPPORT	taskmngrs.exe	Added by the RBOT-AUZ WORM!
X	MICROSFT MX UPDATE SUPPORT	winmx32.EXE	Added by the IRCBOT-FD WORM!
X	MICROSFT RAMA UPDATE SUPPORT	[random filename]	Added by the RBOT-ASM or RBOT-AUW WORMS!
X	MICROSFT RAMA UPDATE SUPPORT	MSN32.EXE	Added by the RBOT-AWJ WORM!
X	MICROSFT RAMA UPDATE SUPPORT	mtakthmyn.EXE	Added by the RBOT-AUJ WORM!
X	Microsft Security Monitor Process	cmh.exe	Added by a variant of the SDBOT WORM!
X	Microsft Security Monitor Process	mssmppp.exe	Added by a variant of the SDBOT WORM!
X	Microsft Security Monitor Process	mssmpp.exe	Added by a variant of the RBOT-FUB WORM!
X	Microsft Updtes	sarvice.exe	Added by a variant of the SDBOT WORM!
X	Microsft Upgraed	[random filename].exe	Added by a variant of the SDBOT WORM!
X	Microsft Windows Adapter 5.1.3013	[random filename]	Detected by Kaspersky as the SMALL.HIT TROJAN! See here
X	microsft windows updates	mwupdate32.exe	Added by a variant of the TOXBOT/CODBOT WORM!
X	Microsof Value	nmatt.exe	Added by a variant of the RBOT WORM!
X	Microsof Windows Host	svhost32.exe	Added by the RBOT.ADY WORM!
X	Microsof Winlog Host	wilogon32.exe	Added by the RBOT.XC WORM!
X	Microsofot x386 System Monitor	system32.exe	Added by the WOOTBOT.M WORM!
X	microsoft	svchost.exe	Added by the ASTEF or RESPAN WORMS! Note - this is not the legitimate svchost.exe process which should NOT appear in Msconfig/Startup!
X	microsoft	microsoft.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
X	Microsoft	win32.exe	Added by the DARKMOON TROJAN!
X	Microsoft	iexplore.exe	Added by the QQROB-R TROJAN! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft	svchost.exe	Added by the ADUYO-A TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Microsoft	wuauclt.exe	Added by the QQROB-AQ TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!
X	Microsoft	guard.exe	Added by a variant of the SDBOT WORM!
X	Microsoft	wcsntfy.exe	Added by the AGOBOT-AHT WORM!
X	Microsoft	ssmss.exe	Added by the RBOT-FZF WORM!
X	Microsoft	lsass.ppf	Added by the RBOT-GAA WORM!
X	Microsoft	msvchost.exe	Added by the RBOT-GAW WORM!
X	Microsoft	mixers.exe	Added by the AGOBOT-AHU WORM!
X	Microsoft	msmsger.exe	Added by a variant of the SDBOT WORM!
X	Microsoft	MSUPDATE.exe	Added by an unidentified WORM or TROJAN!
X	Microsoft	radnom.exe	Added by the RBOT-GHO WORM!
X	Microsoft	rtvcscan.exe	Added by the RBOT-GGU WORM!
X	Microsoft	taskbar.exe	Added by a variant of the RBOT WORM!
X	Microsoft	updater.exe	Added by the RBOT-GHP WORM!
X	Microsoft	windl32.exe	Added by the SDBOT-DCZ WORM!
X	Microsoft	aim.exe	Added by the RBOT-GRY WORM! Note - this is not the popular AOL Instant Messenger utility
X	Microsoft	Explorerr.exe	Added by the IRCBOT-WG TROJAN!
X	Microsoft	kasperskyLive32.exe	Added by the RBOT-GRT WORM!
X	Microsoft	msngerf.exe	Added by the RBOT-GLW WORM!
X	Microsoft	netsrv.exe	Added by the RBOT-GOS WORM!
X	Microsoft	rundll.exe	Added by the RBOT-GSJ WORM!
X	Microsoft	WinSecUp.exe	Added by the RBOT-GPL WORM!
X	Microsoft	wsim32.exe	Added by the RBOT-GTL WORM!
X	Microsoft	wplayer.exe	Detected by Kaspersky as the RBOT.DYU TROJAN! See here
X	Microsoft Associates, Inc.	iexplorer.exe	Added by a variant of the LOVGATE WORM!
X	Microsoft (C) HTML Application host	[random filename]	Added by the RBOT-YB WORM!
X	Microsoft (R) Windows Configuration Backup Service	svchost.exe	Added by the RANKY.X TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in either a "config", "mapping" or "security" subfolder of the Winnt or Windows folder
X	Microsoft (R) Windows DLL Loader	rundll32.exe	Added by the RANKY.W TROJAN! Note - this is not the legitimate rundll32.exe process, which is found in the Windows folder (98ME) or the System32 folder(NT2000XP). This file is located in a "dll" subfolder of the Winnt or Windows folder
X	Microsoft (R) Windows Network Latency Controller	1.tmp	Added by a generic password stealer TROJAN - see here
X	Microsoft (R) Windows Network Latency Controller	nlc.exe	Added by a generic password stealer TROJAN - see here
X	Microsoft (R) Windows Network Latency Controller	sp2vc.exe	Added by a generic password stealer TROJAN - see here
X	Microsoft (R) Windows Network Security Management Service	nsms.exe	Added by the RANKY.LC TROJAN!
X	Microsoft (R) Windows Protected Content Restoration Service	services.exe	Added by the AGENT.AGV TROJAN!
X	Microsoft (R) Windows Protocol Deployment Manager	[random].tmp	Added by an unidentified WORM or TROJAN!
X	Microsoft (R) Windows TCP/IP Socket Driver	[path to trojan]	Added by the PROXY-DD TROJAN!
X	Microsoft (R) Windows TCP/IP Socket Layer	services.exe	Added by the RBOT.ARM WORM! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "winsock" sub-foler of the Windows or Winnt folder
X	Microsoft (R) Windows Update Service	wuauclt.exe	Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!
X	Microsoft (R) Windows Vista/NT Runtime Compatibility Service	nrcs.exe	Added by the RANKY.X TROJAN!
X	Microsoft .NET Confingurator	msnconf.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft 16Bit Update	wuapdate16.exe	Added by the RBOT.CZ WORM!
X	Microsoft 64 Bit Runtime Updater	wupdt64.exe	Added by a variant of the RBOT WORM!
X	Microsoft ActiveX Debugger NT	[path to trojan]	Added by the BANCOS-DO TROJAN!
X	Microsoft Admin Protocal	MSADNIN.exe	Added by a variant of the RBOT WORM!
X	Microsoft ADservice	[random filename]	Added by a variant of the RBOT WORM!
X	Microsoft Agent	mdss32.exe	Added by the KEYLOG-AG TROJAN!
X	Microsoft Agent	svch0st.exe	Added by the VB-DRO WORM!
X	Microsoft ALG32 Protocol	alg32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft ALGXP Protocol	alg32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft all	mmall.exe	Wopla.ac malware variant
N	Microsoft Announcement Listener	Annclist.exe	MS WebTV for Windows. Used to display TV on your PC via a compatible video card with in-built tuner (such as ATI All-In-Wonder). If you don't use it - uninstall it
X	Microsoft Ansti Update	msie.exe	Added by the RBOT-LE WORM!
X	Microsoft Anti-Spy	[random filename]	Added by a variant of the SDBOT WORM!
X	Microsoft AntiSpyware	Bazzi.exe	Added by the AHKER.J WORM!
X	Microsoft AntiSpyware	KT06.pif	Added by the IRCBOT.GEN WORM!
X	Microsoft AOL Instant Messenger	MSAOL32.exe	Added by the RBOT-AAI WORM!
X	Microsoft AOL32 Protocol	aol32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Application Center	mappc.exe	Added by a variant of the RBOT WORM!
X	Microsoft Application Manager	msapl32.exe	Added by the BROPIA-AE TROJAN!
X	Microsoft AUT Update	MSlti32.exe	Added by the RBOT-X WORM!
X	Microsoft AUT Update	MSlti16.exe	Added by the RBOT.EB WORM!
X	Microsoft Authority Service	lsass.exe	Added by the KALEL-D WORM! Note - this is not the legitimate lsass.exe process, which should not appear in Msconfig/Startup!
X	Microsoft auto update	winupdate.exe	Added by the BMBOT TROJAN!
X	Microsoft Auto Update	WINHLP16.EXE	Added by the RBOT.GY WORM!
Y	Microsoft auto update	wuauclt.exe	Added by the CULT-B TROJAN! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Automatic Update Serivce	msautou.exe	Added by the RBOT-AOB WORM!
X	Microsoft Automatic Updater	Explorer.exe	Added by the RBOT-SG WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System32 subfolder
X	Microsoft AutoUpdater	svhost.exe	Added by the RBOT.QG WORM!
X	Microsoft Bool Value	MV2.exe	Added by a variant of the RBOT WORM!
X	Microsoft boot system cfg32	actboost.exe	Added by the BROPIA.R WORM!
U	Microsoft Broadband Networking	MSBNTray.exe	Microsoft Broadband Networking Tray Application
X	Microsoft Browser Services	Brwsr32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Browser Services	Brwsr64.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Cab Manager	exec.exe	Affilred adware
X	Microsoft Cab Manager	cab.exe	Added by the DELF-JJ TROJAN!
X	Microsoft Calculator	calc.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft checker	MsPMSPTv.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Client	mshost.exe	Added by the RBOT-AND WORM!
X	Microsoft Client Pc	spoolsrv.exe	Added by the RBOT-AQM WORM!
X	Microsoft Client/Server Runtime Server Subsystem	csrs.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Client/Server Runtime Server Subsystem	csrssa.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Command Line	wincmd.exe	Added by a variant of the RBOT WORM!
X	Microsoft Conf Ldr	sysconf.exe	Added by a variant of the SDBOT TROJAN!
X	Microsoft ConfgKeys	wurmgrd32.exe	Added by the RBOT-ARX WORM!
X	Microsoft Config	msconf.exe	Added by the RBOT.PV WORM!
X	Microsoft Config	MSCONF.EXE	Added by the RBOT-LG WORM!
X	Microsoft Config 32	msconfigx32.exe	Reported as the MSCONFIGX32 TROJAN! Possible Rbot variant
X	Microsoft Config 32bit	mscnfg32.exe	Added by the RBOT-Z WORM!
X	Microsoft Config File	config.exe	Added by the KILLFILES.GR TROJAN! This is malware that will attempt to delete all system dlls!
X	Microsoft Config Loader	msconfig32.exe	Added by the AGOBOT.XX WORM!
X	Microsoft Configoration Service	msconfigs.exe	Added by the RBOT-ETT WORM!
X	Microsoft Configs 32	msgconfigrs.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Configuration 35	microsot1.exe	Added by an unidentified TROJAN!
X	Microsoft Configure 32	msgconfigre.exe	Added by a variant of the GAOBOT/AGOBOT WORM!
X	Microsoft Connection Manager Monitor	cmmon.pif	Added by the RBOT-AKV WORM!
X	Microsoft Control Center	crtl.exe	Added by the RBOT-VX WORM!
X	Microsoft Core Support	MSxUP32.exe	Added by the RBOT-ANR WORM!
X	Microsoft Core Support	[random filename]	Added by a variant of the RBOT TROJAN!
X	Microsoft Corp SQL Certificates	sqlcer.exe	Added by the ZYBOT-C WORM!
X	Microsoft Corp SSL Certificates	windowz.exe	Added by the RBOT-GCZ WORM!
X	Microsoft Corp TLS Certificates	msauth.exe	Added by the RBOT-GAC WORM!
X	Microsoft Corp Updates	wupdates.exe	Added by the RBOT-AUU WORM!
X	Microsoft Corporaticn SQL Handler	sqlhandler.exe	Added by a variant of the RBOT WORM!
X	Microsoft Corporation	[random filename]	Added by various VIRUSES, WORMS & TROJANS!
X	Microsoft Corporation	jview.exe	Added by the RBOT-AOD WORM!
X	Microsoft Corporation Svchost Service	mssvc.exe	Added by a variant of the SDBOT WORM! See here
X	Microsoft Corporation Svchost Service	mswsc.exe	Added by the AGENT.MAB TROJAN!
X	Microsoft Corporation SYM monitor	mssym.exe	Added by the RBOT-GDB WORM!
X	Microsoft CP Web Manager	webcp.exe	Added by the IRCBOT.HP TROJAN!
X	Microsoft CPU Over Heat Manager	CPU.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft CPXP Protocol	cpxp.exe	Added by the RBOT.ATP WORM!
X	Microsoft Critical Services	svhhost.exe	Added by the AGOBOT-AJA WORM!
X	Microsoft Crs Fix Serv	wincrs.exe	Added by the SDBOT.BWF WORM!
X	Microsoft CRT Monitor Manager	crtmon.exe	Detected by Trend Micro as the ROBOTON.A WORM! See here
X	Microsoft CSRSS Service	nsmscrs.exe	Added by the RBOT-BPT WORM!
X	Microsoft CSRSS32 Protocol	csrss32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft CSRSS386 Protocol	csrss386.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Cvrt	mscvrt32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft Data Helper	cihost.exe	Malware, possibly a variant of the LINST TROJAN
X	Microsoft Data Machine	csdata32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Database Handler	mssql32.exe	Added by the RANDEX.AX WORM!
X	Microsoft Datalog Application	msdata.exe	Added by a variant of the SDBOT WORM!
X	Microsoft DDE Control	wupades.exe	Added by a variant of the SDBOT WORM!
X	Microsoft DDEs Control	Erun.pif	Added by the RBOT-AMU WORM!
X	Microsoft Debug Service	dbgbgr.exe	Added by a variant of the RBOT WORM!
X	Microsoft Decryption Technology	Msfenoe.exe	Added by the SPYBOT-DG WORM!
X	Microsoft Desktop Manager	msdesk32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Dev	iexplorer32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Development Debugger	msdev.exe	Added by a variant of the RBOT WORM!
X	Microsoft Development Services	msdevelop.exe	Added by the RBOT-FWS WORM!
X	Microsoft Device Manager	msdevmgr32.exe	Added by the LATEDA.B TROJAN!
X	Microsoft Device Manager	mscmtl32.exe	Detected by Kaspersky as the AGENT.BMQ TROJAN! See here
X	Microsoft Device Manager	svcswin.exe	Added by the IRCBOT-YH TROJAN!
X	Microsoft Diagnostic	[random filename]	Added by the ACEBOT TROJAN!
X	Microsoft Diagnostic	msdiag32.exe	Added by the RBOT-UC WORM!
X	Microsoft Digital Clock	msclock.exe	Added by the NACKBOT-D WORM!
X	Microsoft Digital Cryptors	mdigits.exe	Added by the SDBOT.LM WORM!
X	Microsoft DirectX	Spoolserv.exe	Added by the DINFOR WORM!
X	Microsoft DirectX	rasmngr.exe	Added by a variant of the RBOT WORM!
X	Microsoft DirectX	PDSched.exe	Added by the SDBOT.CN WORM!
X	Microsoft DirectX	wuamgrd.exe	Added by the SDBOT.MY WORM!
X	Microsoft DirectX	time123.exe	Added by the SDBOT.MD WORM!
X	Microsoft Directx	directxat.exe	Added by the SDBOT-BXF WORM! Note - disables autostart for the SharedAccess service and deactivates the Microsoft Internet Connection Firewall (ICF)
X	Microsoft Directx click	directxclick.exe	Added by a variant of the RBOT-GHT WORM!
X	Microsoft Directx clicks	directxclickers.exe	Added by the RBOT-GHT WORM!
X	Microsoft Directx push	directxpushup.exe	Added by a variant of the RBOT-GHT WORM!
X	Microsoft Directxsp	directxbt.exe	Added by a variant of the RBOT-GHT WORM!
X	Microsoft Directxspnew	directxnew.exe	Added by a variant of the RBOT-GHT WORM!
X	Microsoft DirktorWin	[random filename]	Added by the SPYBOT.GEN3 TROJAN!
X	Microsoft Disk Scanner	scansdisk.exe	Added by the WOOTBOT.DT WORM!
X	Microsoft DLL	fumeta.exe	Added by the RBOT-AUG WORM!
X	Microsoft Dll	runapidll.exe	Added by the RBOT-GRG WORM!
X	Microsoft DLL Authentification	dllsecure.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft DLL Extensions	SystemDll.exe	Added by the RBOT-ADV WORM!
X	Microsoft dll Host Service	wkssr.exe	Added by a variant of the SDBOT WORM!
X	Microsoft DLL Host Service	dllmemhost.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft DLL Host Service	svcdllhst.exe	Added by the AGENT.EAK TROJAN!
X	Microsoft dll Host Service	svchost.exe	Detected by Kaspersky as the RBOT.BMS WORM! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	Microsoft DLL Library	winlib32.exe	Added by the ATNAS.A WORM!
X	Microsoft Dll Management	windll.exe	Added by the RBOT-MT WORM!
X	Microsoft Dll Manager	microsoft32dll.exe	Detected by Trend Micro as the SHEUR.LH TROJAN! See here
X	Microsoft DLL Monitor	dllmon32.exe	Detected by Trend Micro as the AGENT.WP WORM! See here
X	Microsoft DLL Monitor	dllmon64.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft DLL Monitor	dllmonitor.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Dll Printer Manager	dllpt.exe	Added by the SDBOT.BIH WORM!
X	Microsoft DLL Service	servicedll.exe	Detected by Trend Micro as the RCBOT.OX TROJAN! See here
X	Microsoft DLL Service	svcdll.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft DLL Source	dllsrc.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft DLL Verifier	file.exe	Added by the RBOT-AED WORM!
X	Microsoft DLL Verifier	chkfile.exe	Added by the RBOT-AOC WORM!
X	Microsoft DLL Verifier	csrssv.exe	Added by the RBOT-ATK WORM!
X	Microsoft DLL Verifier	mscon.exe	Added by the SDBOT.EAH WORM!
X	Microsoft DLL Verifier	winavguard.exe	Added by the SDBOT.AAD WORM!
X	Microsoft DLLSet32	dllset32.exe	Added by the RBOT.OZ WORM!
X	Microsoft DNS Query	msdns.exe	Added by a variant of the WOOTBOT WORM!
X	Microsoft DNSx	mdnex.exe	Added by the DELBOT-AI WORM!
X	Microsoft Document	krisp.exe	Added by the SDBOT-RQ WORM!
X	Microsoft Domain Controller	mstc.exe	Added by the NUGACHE.A WORM!
X	Microsoft Driver	faet.exe	Added by a variant of the RBOT WORM!
X	Microsoft Driver Control	windrv.exe	Added by the SDBOT.FW WORM!
X	Microsoft Driver Manager	mswindrv.exe	Added by the FORBOT-EZ WORM!
X	Microsoft driver update	Mshome.exe	Added by the SDBOT.BL WORM!
X	Microsoft Drivers	WSconf.exe	Added by a variant of the SDBOT WORM!
X	Microsoft ErgoPack	wserb32.exe	Added by the RBOT-RI WORM!
X	Microsoft EV32 Service	MSev32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Event Engine	EvtEngn.exe	Added by the RBOT-XV WORM!
X	Microsoft Excel	msexcel.exe	Added by the RBOT-TQ WORM!
X	Microsoft Excell	wuamngr32.exe	Added by the RBOT-QH WORM!
X	Microsoft Executing	microsoft.exe	Added by the AGOBOT.UV WORM!
X	Microsoft Explorer	svapache.exe	Added by the RBOT-VR WORM!
X	Microsoft Explorer	explorer.scr	Added by the RBOT-ADH WORM!
X	Microsoft Explorer	explorer.pif	Added by the SDBOT-ACX WORM!
X	Microsoft Explorer	explorer.exe	Added by the POEBOT-LY WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Explorer Service	msexplore.exe	Detected by Kaspersky as the IRCBOT.AYB TROJAN! See here
X	Microsoft explorer Update	internal.exe	Added by an unidentified WORM or TROJAN!
X	Microsoft Explorer2	system.exe	Added by the IRCBOT.BS TROJAN!
X	Microsoft Explorer2	nome.exe	Added by the RANDEX.AA WORM!
X	Microsoft Explorer2	bitchbot.exe	Added by the SDBOT.EV WORM!
X	Microsoft EXPLOREXP Protocol	explorexp.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Features	ms32cfg.exe	Added by the RBOT.HO WORM!
X	Microsoft Features	msie.exe	Added by a variant of the RBOT WORM!
X	Microsoft File Demand Manager	wmgrdf.exe	Added by a variant of the RBOT WORM!
X	Microsoft Find Fast	Findfast.exe	Complete utter waste of space! Part of MS Office - searches disk drives for Office file types and creates an index to make opening them easier
X	Microsoft Firewall	firewallsp2.exe	Added by the RBOT-MC WORM!
Y	MICROSOFT FIREWALL CLIENT	ISATRAY.EXE	MS Internet Security and Acceleration Server - see here
X	Microsoft FixUp	pevblbvr.exe	Added by the RBOT.DWK WORM!
X	Microsoft FixUp	wnpzjpuw.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Games	gamemanager.exe	Added by the SPYBOT.AHQ WORM!
X	Microsoft Generic Update Manager	wupdate.exe	Added by the RBOT-AWC TROJAN!
X	Microsoft Genetic Procress	svchost.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Genuine Logon	msnmsg.exe	Added by the IRCBOT-XH WORM!
X	Microsoft Genuine Logon	svchost.exe	Added by the SDBOT.EXT WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	MicroSoft Getway Dire	[random filename]	Detected by Trend Micro as the IRCBRUTE.AM WORM! See here
X	MicroSoft Getway mqbol	[12 random letters].exe	Detected by Trend Micro as the RBOT.GBA WORM! See here
X	Microsoft Gina V Encryption	MSGINAV.EXE	Added by an unidentified VIRUS, WORM or TROJAN!
N	Microsoft Greetings Reminders	MHPRMIND.EXE	Microsoft Home Publishing greetings reminder
N	Microsoft Greetings Workshop Reminder	Gwremind.exe	You really want to be reminded about somebody's birthday at the expense of resources?
N	Microsoft Greetings Reminder	MHPRMINF.EXE	You really want to be reminded about somebody's birthday at the expense of resources?
X	Microsoft HDCP for NT	msdhcp.exe	Added by a variant of the RBOT WORM!
X	Microsoft HDCP for NT and Win9x	msdhcprs.exe	Added by a variant of the PEERBOT WORM!
X	Microsoft Help	svh0st.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Help Support	mshelp32.exe	Addded by the KELVIR-BF WORM!
X	Microsoft Help SVC	msnmngr.exe	Added by the SDBOT-PQ WORM!
X	Microsoft Help System	mshelp32.exe	CoolWebSearch parasite variant
X	Microsoft Host Protocol	svhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Hosting Service	WINHOSTING.EXE	Added by the RBOT.AEV WORM!
X	Microsoft Hosts Service	Isass.exe	Added by a variant of the RBOT WORM!
U	microsoft hotmail monitor	mshotmon.exe	Added by the MYTOB-FL WORM!
X	Microsoft hren1	mmhren1.exe	Added by a variant of the AGENT.IWW TROJAN!
X	Microsoft Hyptertext Helper	mshtha.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft IDCN	mshe1p.exe	Added by an unidentified TROJAN!
X	Microsoft IE	Iexplore.exe	Added by the FORBOT-AG WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft IE Execute shell	IEExec.exe	Added by the ALADINZ.N TROJAN!
X	MicroSoft IE Sasser	ISASS.EXE	Added by the SDBOT.MX WORM!
X	Microsoft IIS	syshost.exe	Added by the FRANCETTE WORM!
X	Microsoft IIS	[filename]	Added by the FRANCETTE-S WORM!
X	Microsoft Inc.	iexplorer.exe	Added by a variant of the LOVGATE WORM!
X	Microsoft Incroporate	mfs.exe	Added by the RBOT-ANF WORM!
X	Microsoft Inet Xp..	teekids.exe	Added by the BLASTER.C WORM!
X	Microsoft Information Check	microsoft.exe	Added by the IRCBOT.AUH TROJAN!
X	Microsoft Install Shield Services	rundll64	Added by the RBOT-FSH WORM!
X	Microsoft Installshield	nundll32.exe	Added by the AGOBOT-AHZ WORM!
X	Microsoft Instant Messenger	msngmsngr32.exe	Added by the SPYBOTER.GEN TROJAN!
X	Microsoft Int Service	MsIntSrv.exe	Added by a variant of the RBOT WORM!
U	Microsoft Intellitype Pro	speedkey.exe	Additional keyboard shortcuts on MS programmable keyboard
X	Microsoft Internal AntiVirus Systems	dIlhost.exe	Added by the RBOT-AEV WORM!
X	Microsoft Internet	expl0rer.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Internet	windows32.exe	Added by the SDBOT-F WORM!
X	Microsoft Internet	wincfg16.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Internet Acceleration Utility	iau.exe	EasySearch adware
X	Microsoft Internet Acceleration Utility	[path to file]	Added by the AGENT-CX TROJAN!
X	Microsoft Internet Acceleration Utility	[path to trojan]	Added by the SMUTSRCH-A TROJAN!
X	Microsoft Internet Antivirus Protection	antivirus.exe	Detected by Kaspersky as the IRCBOT.BSK TROJAN!
X	Microsoft Internet Dumping Protocol	inetdump.exe	Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here
X	Microsoft Internet Exp	iiexplorer.exe	Added by the RBOT-KX WORM!
X	Microsoft Internet Explorer	iexplore.exe	Added by the POEBOT-J WORM! Note - this is not the legitimate Internet Explorer iexplore.exe process which is always located in the Program FilesInternet Explorer folder and should not normally figure in Msconfig/Startup! This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Internet Explorer	iexplorer.exe	Added by the SDBOT-XN WORM!
X	Microsoft Internet Explorer	crsys32.exe	Added by the RBOT.UZ WORM!
X	Microsoft Internet Explorer	movies.exe	Added by the BANCOS-DZ TROJAN!
X	Microsoft Internet Explorer	svzhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Internet Explorer	mccagent.exe	Added by the DLOADER-UD TROJAN!
X	Microsoft Internet Explorer	sysini.exe	Added by the DELF-LN TROJAN!
X	Microsoft Internet Explorer	svchost.exe	Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
X	Microsoft Internet Explorer	lEXPLORE.EXE	Added by the RBOT-AMM WORM! Note - the executable is spelt with a lower case "L" rather than an lower or upper case "i" which is the case with Internet Explorer
X	Microsoft Internet Explorer Manager	ie.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Internet Explorer Update	ieupdate.exe	Detected by Trend Micro as the SHEUR.MH WORM! See here
X	Microsoft Internet Firewall	firewall.exe	Detected by PCTools as the IRCBOT.BMD TROJAN! See here
X	Microsoft Internet Firewall Manager	GMT16.exe	Added by the RANDEX.AT WORM!
X	Microsoft Internet Firewall Update	updater.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Internet Services	Smss32.exe	Added by the RBOT.MS WORM!
X	Microsoft Internet Syncing	inetsync.exe	Detected by Kaspersky as the IRCBOT.BLL TROJAN! See here
X	Microsoft Intrenet Explorer	goaw.pif	Added by the RBOT-API WORM!
X	Microsoft Intrenet Explorer	Soundsyst.exe	Added by the RBOT-AQU WORM!
X	Microsoft Intrenet Explorer	cnsg.pif	Added by the RBOT-ARO WORM!
X	Microsoft Intrenet Explorer	wcumrg.exe	Added by the SDBOT-AFD WORM!
X	Microsoft IPC	system.exe	Added by the NULLBOT TROJAN!
X	Microsoft IPC	svshost.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft IT Update	win64.exe	Added by the RBOT.GA WORM!
X	Microsoft IT Update	[random filename]	Added by a variant of the RBOT WORM!
X	Microsoft IT Update	IEserv.exe	Added by a variant of the RBOT WORM!
X	Microsoft IT Update	msupdate.exe	Added by a variant of the RBOT WORM!
X	Microsoft IT Update	winn43.exe	Added by a variant of the RBOT WORM!
X	Microsoft IT Update	svchsst.exe	Added by the RBOT-DH WORM!
X	Microsoft IT Update	win43.exe	Added by the RBOT-SA WORM!
X	Microsoft IT Update	windows.exe	Added by the RBOT-GL WORM!
X	Microsoft IT Update	winsyst32.exe	Added by the RBOT-FC WORM!
X	Microsoft IT Update	Rhost32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Java Virtual Machine	winscr32.exe	Added by a variant of the WOOTBOT WORM!
X	Microsoft Java Virtual Machine	MsConfiG.exe	Added by the FORBOT-DV WORM!
X	Microsoft Java Virtual Machine	msjvm.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Java Virtual Machine	javavm.exe	Added by a variant of the RBOT WORM!
X	Microsoft Java Windows Update	[filename]	Added by the RBOT-DZ WORM!
X	Microsoft JavaVM	msjarun.exe	Added by the RBOT-JW WORM!
X	Microsoft Kernel	Windows_kernel32.exe	Added by the NETSKY.AE WORM!
X	Microsoft Keyboard Enhance 2.0.	iasrecst.exe	Added by the BCKDR-QIL TROJAN!
X	Microsoft Keyboard Enhance V2.0	iasrecst.exe	Detected by F-Prot as the DOWNLOADER2.AILI TROJAN!
X	Microsoft LAN32 Protocol	lanXp.exe	Added by the RBOT-SS WORM!
X	Microsoft Lmhosting Service	lmhosts.exe	Added by the RBOT-RC WORM!
X	Microsoft Locals 332	[random filename]	Added by the RBOT-KU WORM!
U	Microsoft Location Finder	LocationFinder.exe	Microsoft Location Finder "is a client-side application that turns a regular WiFi enabled laptop, Tablet or PC into a location determining device without the addition of any separate hardware"
X	Microsoft Login	winlogin.exe	Added by the RBOT-AJP WORM!
X	Microsoft LSA layer	MSLSA32.exe	Added by the RBOT-AKZ WORM!
X	Microsoft Lsass Center	Isass.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Lsass Center	telecomes.exe	Added by a variant of the RBOT WORM!
X	Microsoft Lsass Manager	lsass.exe	Added by a variant of the SDBOT WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	Microsoft Lsass Service	wintcp32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft LSASS386 Protocol	scvhost32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft LV	[path to file]	Added by the BDL TROJAN!
X	Microsoft Machine	winjava.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft machine	blah.exe	Added by a variant of the RBOT WORM!
X	Microsoft machine	svchost.exe	Detected by Kaspersky as the RBOT.AEU TROJAN! See here. Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup!
X	Microsoft Machine Script	iexplorersis.exe	Added by the RBOT-CMH WORM!
X	Microsoft Macro Protection SubSsy	msacroprots386.exe	Added by the RBOT-KE WORM!
X	Microsoft Macro Protection Subsystems	msmacroprotxz.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Macro Protection Subsystems	Msmacroprot32.exe	Added by the RBOT.KN WORM!
X	Microsoft Manage Services	sychost.exe	Detected by Trend Micro as the SLENFBOT.AD WORM! See here
X	Microsoft Management	lmas.exe	Added by the FORBOT-CZ WORM!
X	Microsoft Management Console	lssas.exe	EasySearch adware
X	Microsoft Management Console	[path to trojan]	Added by the SMUTSRCH-A TROJAN!
X	Microsoft Management Console	lssas1.exe	Added by the DLOADR-AWD TROJAN!
X	Microsoft Manager	msmanager.exe	Added by the MYTOB.LF WORM!
X	Microsoft Map PC	mappc.exe	Added by a variant of the RBOT WORM!
X	Microsoft Mapped PC	mappedpc.exe	Added by a variant of the RBOT WORM!
X	Microsoft media	winmplayers.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Media Manager	medman.exe	Added by the RBOT.EUZ WORM!
X	Microsoft Media player 9	msmedia32.exe	Added by the RBOT-ADO WORM!
X	Microsoft media services	Iassd.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft media services	winmplayer.exe	Added by the RBOT.ZO WORM!
X	Microsoft MediaScope	winmes.exe	Added by the RBOT-XU WORM!
X	Microsoft Memory Dumping Protocol	memdump.exe	Detected by Kaspersky as the IRCBOT.BJK TROJAN! See here
X	Microsoft Memory Flow Cycle	flowcycle.exe	Detected by PCTools as the IRCBOT.WAD TROJAN! See here
X	Microsoft Memory Flow Cycle	flowcycles.exe	Detected by Kaspersky as the WAREZOV.AAK WORM! See here
X	Microsoft Message Machine	msmesg32.exe	Added by the SPYBOT.BI WORM!
X	Microsoft Messenger Management Controls	msmgmctl.exe	Added by the RBOT-APA WORM!
X	Microsoft messenger sd	msngersd.exe	Added by an unidentified TROJAN!
X	Microsoft Messenger Service	msmsg32.exe	Added by the RBOT.BOK WORM!
X	Microsoft Messenger XP	MSMSN32.exe	Added by the RBOT-ZP WORM!
X	Microsoft MicroP Protocol	wdgmr32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Movie Maker	Mmaker.exe	Added by the IRCBOT.C TROJAN! Note that this is not a valid Microsoft program
X	Microsoft MSGPLUS32 Protocol	msgplus32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft MSN Messenger	msnmnsgr.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft MSNGR32 Protocol	msngr32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft msnseru	msnseru.exe	Added by the RBOT-APB WORM!
X	Microsoft MsnST	msnst32.exe	Added by a variant of the RBOT WORM!
X	Microsoft MSUPDATE	SpoolSvc.exe	Added by the SXTB-A TROJAN!
X	Microsoft Neser Experience	nese.exe	Added by the RBOT-YH WORM!
X	Microsoft NetMeeting Associates, Inc.	NetMeeting.exe	Added by a variant of the LOVGATE WORM!
X	Microsoft Netview	gesfm32.exe	Added by the RANDEX.C WORM!
X	Microsoft Netview	mssvc32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft Netview Component v5.1	msnv32.exe	Added by the RANDEX.F WORM!
X	Microsoft Network	msnet.exe	Added by the MOCKBOT.A WORM!
X	Microsoft Network	Networksystem.exe	Added by the SDBOT-AAI WORM!
X	Microsoft Network Daemon for Win32	Netd32.exe	Added by the SDBOT.R TROJAN!
X	Microsoft Network Host	svc0host.exe	Added by the SDBOT-AEN WORM!
X	Microsoft Network Neighbourhood	networknbh.exe	Added by the RBOT.DMN WORM!
X	Microsoft Network Services Controller	mmsvc32.exe	Added by the NANPY-A WORM!
X	Microsoft Networking Agent For SP2	msnac32.exe	Added by the SPYBOT.PEN WORM!
X	Microsoft Nod32 Service	nood32.exe	Added by the RBOT.EJP WORM!
X	Microsoft Norotn Anti Virus	mnhpot.exe	Added by the RBOT-GRO WORM!
X	Microsoft Norton Antivirus	norton.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft NotePad	notepad.exe	Added by a variant of the RBOT WORM!
X	Microsoft NT Drivers	ntdrv.exe	Added by the SDBOT.AJN TROJAN!
X	Microsoft NT Update	winexec32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Nvidia Video	nvidia.exe	Added by a variant of the SDBOT WORM!
N	Microsoft Office	Osa.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
N	Microsoft Office	Msoffice.exe	Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
X	Microsoft Office	MSMSGR.exe	Added by the GAOBOT.BB WORM!
N	Microsoft Office	Osa9.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
X	Microsoft Office	lserv.exe	Added by the SDBOT.MH WORM!
X	Microsoft Office	Microsoft Office.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
X	Microsoft Office	msoicons.exe	Added by the RBOT-ZI WORM! - NOTE - do no confuse with the legitimate Msoicons.exe file described here. The latter wil not be listed among your startups!
X	Microsoft Office	Nxcao.exe	Added by the RBOT-ZE WORM!
X	Microsoft Office	nxcxtpr.exe	Added by the RBOT-YG WORM!
X	Microsoft Office	svxhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Office	msoffice32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Office	msoff.exe	Added by the RAKER-C TROJAN!
X	Microsoft Office	microsoft.exe	Added by the BANKER-VF TROJAN!
X	Microsoft Office	msvcp.exe	Added by the AGENT-XK TROJAN!
X	Microsoft Office	msmsgr.exe	Added by the GAOBOT.BB WORM!
X	Microsoft Office	mdm.exe	Added by the IBOT-A TROJAN! Note - this is not the Machine Debug Manager (also known as MDM7) which shares the same filename
N	Microsoft Office Fast Cache	Fastboot.exe	Part of MS Office 95 (v7.0). According to this it improves the performance. Most likely a predecessor of MS Find Fast and can be disabled
X	Microsoft Office Monitor	alg2k.exe	Added by the SDBOT-CZO WORM!
X	Microsoft Office Monitor	aql32.exe	Added by the RBOT-GCY TROJAN!
U	Microsoft Office OneNote 2003 Quick Launch	ONENOTEM.EXE	ONENOTEM.EXE is a part of the note taking program that ships with Microsoft Office 2003. It's required for the side note windows to work
X	Microsoft Office Quick Launcher	iau1.exe	Added by the DLOADR-AWD TROJAN!
N	Microsoft Office Shortcut Bar	Msoffice.exe	Alternative shortcuts to the Start -> Programs way of running applications installed as part of MS Office. Some people prefer it but a better way is to create Desktop Shortcuts if you want access these programs quickly
X	Microsoft Office Start	winupdates.exe	Added by the GAOBOT.BC WORM!
N	Microsoft Office Startup	Osa.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
N	Microsoft Office Startup	Osa9.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
X	Microsoft Office Studio	scvhvst.exe	Added by the RANDEX.CST WORM!
X	Microsoft OfficeXP	officeXP.exe	Added by the KILLAV.MA WORM!
X	Microsoft Oftice	msmsgs.exe	Added by the IRCBOT.ALT WORM! Note - not to be confused with msmsgs.exe, the well known MSN Instant Messaging application!
X	Microsoft Opeions	IEXwe.exe	Added by a variant of the RBOT WORM!
X	Microsoft Outlook Express Protocol	svchst.exe	Added by a variant of the RBOT WORM!
X	Microsoft Patch Update	bootini.exe	Added by the RBOT-FMN WORM!
X	Microsoft PC Health Remote Assistance File Open & Save controls	sfrcdlg32.exe	Added by the RBOT-AVY WORM!
X	Microsoft PCHealth32	[path to file]	Added by the NICE-A TROJAN!
X	Microsoft PCHealth32	NDDENB.exe	Added by the PWSYAHOO-A TROJAN!
X	Microsoft PCI Manager	mspci.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Personal Firewalls	bakw.exe	Added by the RBOT-KS WORM!
X	Microsoft Problem Doctor	windr128.exe	Added by the SMALLTRO.EF TROJAN!
X	Microsoft Problem Doctor	windr32.exe	Added by a variant of the SMALLTRO.EF TROJAN!
X	Microsoft Problem Doctor	windr64.exe	Added by a variant of the SMALLTRO.EF TROJAN!
X	Microsoft Proc Driver32	msprc.exe	Added by a variant of the WOOTBOT WORM!
X	Microsoft Procedure Call	MSPCALL.exe	Added by a variant of the RBOT WORM!
X	Microsoft Process Manager	process32.exe	Added by the CHECKOUT WORM! See here
X	Microsoft Profile Manager	profile.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft PSTCP32 Data	pstcp32.exe	Added by a variant of the RBOT WORM!
X	Microsoft QMGR	msnqmgr.exe	Added by the IRCBOT-S TROJAN!
X	Microsoft RDLL	sysconf32.exe	Added by a variant of the SDBOT TROJAN!
X	Microsoft Redirect	[path to file]	Added by the BANKER-FW TROJAN!
X	Microsoft Redirect	systen.exe	Added by the BANCOS-FO TROJAN!
X	Microsoft Regestry Edit Manager	regedit.exe	Detected by Trend Micro as the SHEUR.HC WORM! See here
X	Microsoft Regestry Manager	regedit32.exe	Added by a variant of the IRCBOT.ARD WORM!
X	Microsoft Regestry Manager	registry32.exe	Added by the IRCBOT.ARD WORM!
X	Microsoft Registro	svchostt.exe	Added by the BANCOS-DH TROJAN!
X	Microsoft Registry	csrse.exe	Added by the RBOT-PC WORM!
X	MicroSoft Remote Secure Service	MSRSS.exe	Added by a variant of the RBOT WORM!
X	Microsoft Restore	scrgrd.exe	Added by the SPYBOT.BR WORM!
X	Microsoft Router Manager	linksys.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Router Manager	router.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Rundll	windos.exe	Added by the SDBOT-WF WORM!
X	Microsoft Runtime	CfgDll32.exe	Added by the RANDEX.BD WORM!
X	Microsoft Safe Mode Manager	safemode.exe	Detected by Trend Micro as the IRCBOT.HM TROJAN! See here
X	Microsoft Scanreg	microsoftscanreg.exe	Added by the FRANRIV.A WORM!
X	Microsoft SCVHOST32 Protocol	scvhost32.exe	Added by a variant of the RBOT WORM!
X	Microsoft sddcE Contol	taskmnegr.exe	Added by the RBOT-AUM WORM!
X	Microsoft sdk temp	sdktemp.exe	Added by the RBOT-ANP WORM!
X	Microsoft SDKP3	mswinsdq.exe	Added by the RBOT-ARY WORM!
X	Microsoft Secure Messenger.NET Service	securitychk.exe	Added by the SDBOT.VT WORM!
X	Microsoft Security	winService.exe	Added by a variant of the RBOT WORM!
X	Microsoft Security Adviser	msavsc.exe	Detected by Kaspersky as the AGENT.ANQ TROJAN! See here
X	Microsoft security adviser	mssadv.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Security Center	savservices.exe	Added by the RBOT-ANU WORM!
X	Microsoft Security Center	wcsntfy.exe	Added by the SDBOT.BYD WORM!
X	Microsoft Security Controlers	fxsecues.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Security GManagers	[random filename]	Added by a variant of the SDBOT WORM!
X	Microsoft Security Hot Fix Update	mshotfix.exe	Affilred adware
X	Microsoft Security Management	winnt.exe	Added by the RBOT-MQ WORM!
X	Microsoft Security Management	winserv.exe	Added by the RBOT-MJ WORM!
X	Microsoft Security Management	winamp.exe	Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory
X	Microsoft Security Management	wuauct1.exe	Added by a variant of the RBOT WORM!
X	Microsoft Security Management	bling.exe	Added by the RBOT.XL WORM!
X	Microsoft Security Management	sp2fix.exe	Added by the RBOT.UB WORM!
X	Microsoft Security Manager	winamp.exe	Added by the RBOT WORM! Note - this is NOT the popular Winamp media player which resides in a "Winamp" subdirectory of the Program Files directory. This file is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Security Monitor Process	mssmp.exe	Added by the RBOT-FUB WORM!
X	Microsoft Security Monitor Process	mnsmp.exe	Added by the RBOT-FUB WORM!
X	Microsoft Security Monitor Process	msmp.exe	Added by a variant of the RBOT-FUB WORM!
X	Microsoft Security Monitor Process	mssm32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Security Panager	[filename]	Added by the RBOT-ANL WORM!
X	Microsoft Security Panagers	[random filename]	Added by the RBOT-AIG WORM!
X	Microsoft Security Panagers	zzoboony.exe	Added by the RBOT-AOI WORM!
X	Microsoft Security Process	wininit.exe	Added by the RBOT-FKM WORM!
X	Microsoft Security System	mssecsys.exe	Added by the IRCBOT-WJ TROJAN!
X	Microsoft Security Update	security32.exe	Added by the DELF-JJ TROJAN!
X	Microsoft Server	rserv.exe	Added by the AGOBOT.AVS WORM!
X	Microsoft Server Applacations	msnmsg.exe	Added by a variant of the RBOT WORM!
X	Microsoft Server Applacations	wuauct1.exe	Added by a variant of the RBOT WORM!
X	Microsoft Server Applacations	lsasss.exe	Added by the RBOT-AQQ WORM!
X	Microsoft Server Applacations	Q8See.exe	Added by the SPYBOT.GEN3 TROJAN!
X	Microsoft Server Applacations	cli.exe	Added by the RBOT-GAQ WORM!
X	Microsoft Server Application	Sound.exe	Added by the RBOT-NE WORM!
X	microsoft server base	lass.exe	Added by a variant of the RBOT WORM!
X	Microsoft Server Process	svhst32.exe	Added by the BCKDR-QHR TROJAN!
X	Microsoft Service	microhost.exe	Added by the RBOT-LC WORM!
X	Microsoft Service	winsvc.exe	Added by the SPYBOT-DB WORM!
X	Microsoft Service	rundll.exe	Added by the POPO-A WORM! Note - this is NOT the Windows system file of the same name as described here
X	Microsoft Service 32	mssvc32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Service 32	sysddm32.exe	Detected by Kaspersky as the SDBOT.AKC TROJAN! See here
X	Microsoft Service Access Manager	Access.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Microsoft Service Boot	sboot.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Service Controller	services.exe	Added by the KALEL-D WORM! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Service Disk Cycle	disksave.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Service Drivers	System.exe	Added by a variant of the RBOT WORM!
X	Microsoft Service Drivers	VSADNIM.exe	Added by a variant of the RBOT WORM!
X	Microsoft Service Execution Manager	execute.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Microsoft Service firewall Manager	firewall.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Service Host Manager	32svchost.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Service Host Process	svchost.exe	Added by the KRYNOS.B WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "Help" subfolder of the Winnt or Windows folder
X	Microsoft Service Login Manager	winlogin.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Service Manager	service32.exe	Added by a variant of the RBOT WORM! See here
X	Microsoft Service Manager	winsvc.exe	Added by a variant of the RBOT WORM! See here
X	Microsoft Service Pack	WindowsSP.exe	Added by the RBOT-RF WORM!
X	Microsoft Service Pack2.1	svchost2.exe	Added by a variant of the RBOT WORM!
X	Microsoft Services	lsserv.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft Services	lssrv.exe	Added by the RBOT.CW WORM!
X	Microsoft Services	services.exe	Added by the ALETS TROJAN! Note - this is not the legitimate services.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Windows or Winnt folder
X	Microsoft Services	lsrv.exe	Added by the RBOT-BK WORM!
X	Microsoft Services	svshost.exe	Added by the ALETS.B TROJAN!
X	Microsoft Services	bsc32.exe	Added by the BDOOR-AW TROJAN!
X	Microsoft Services	Smss32.exe	Added by the RBOT-AD WORM!
X	Microsoft Services	svssshost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Services	module.exe	Added by the LAVITS WORM!
X	Microsoft Services	msmpserv.exe	Detected by Trend Micro as the IRCBOT.BKA TROJAN! See here
X	Microsoft Services Unitd	MSU32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Servicez Manager	servicemgrz.exe	Added by the RBOT-ASN WORM!
X	Microsoft Session Manager Subsystem	smss.exe	Added by the KALEL-D WORM! Note - this is not the legitimate smss.exe process which should NOT appear in Msconfig/Startup!
X	Microsoft Setup Initializazion	localhost.exe	Added by a variant of the IRCBOT TROJAN!
N	Microsoft Sidewinder Game Controller Software	SWTRAY.EXE	MS SideWinder game controller system tray icon. Available via Start -> Programs
X	Microsoft Sinsup	odjiwjf.exe	Added by the RBOT-DN WORM!
X	Microsoft Software	sysinfo33.exe	Added by the RBOT.LS WORM!
X	microsoft software	***.exe E255 [ = random char]	Added by an unidentified WORM or TROJAN!
X	Microsoft software	cdaccess.exe	Added by the RBOT.ABK WORM!
X	Microsoft Software Update	nmon.exe	Added by the RBOT.HZ WORM!
X	Microsoft Sound Driver	sound32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Sound Technology	winsound.exe	Added by the RBOT-AGG WORM!
N	Microsoft Sound Volume Tool	mssvol.exe	This is a Blue version of the yellow speaker icon on the system tray and is used to edit advanced Sound Features that the MS DSS80 Speakers add. Should be accessible via Start -> Settings -> Control Panel
X	Microsoft Sounds	soundman.exe	Added by the RBOT-GCI WORM!
X	Microsoft SourceSafe	csrss.exe	Added by the WEBUS TROJAN! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	Microsoft SpA Service	msapps.exe	Added by the RBOT-VI WORM!
X	Microsoft SpA Service	win32.exe	Added by the RBOT.ATS WORM!
X	Microsoft SpA Service	Winupd32.exe	Added by the RBOT.LT WORM!
X	Microsoft Special offer	infoebay.exe	Added by a variant of the RBOT WORM!
X	Microsoft Spool ** Service	spool**.exe	Added by a variant of the IRCBOT TROJAN - where ** represents a 2 digit number
X	Microsoft Spool Server for Win32	spoolsrv.exe	Added by the RANDEX.H WORM!
X	MicroSoft ssas3s1	SADASDA.exe	Detected by PCTools as the RBOT.URF WORM! See here
X	Microsoft SSISVRI32 Protocol	ssisvri.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Standard Executions Library	win32lib.exe	Added by the RBOT-AUK WORM!
X	Microsoft standard protector	winsocks5.exe	Added by the SMALL.CF TROJAN!
X	Microsoft standard protector	[path to trojan]	Added by the STOX-C TROJAN!
X	Microsoft startup	wmpIayer.exe	Added by the IRCBOT.ACI TROJAN!
X	Microsoft Stuff you know	winslogin.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Sum32	sum32.exe	Added by the RBOT-YW WORM!
X	Microsoft Support	sys32ms.exe	Added by the RBOT-AHI WORM!
X	microsoft support	svchostt.exe	Added by the AGOBOT.AWN WORM!
X	Microsoft SVC	mssvc.exe	Added by the BIFROSE-UQ TROJAN!
X	Microsoft Svchost local services	winoem.exe	Added by the RBOT-FPE WORM!
X	Microsoft Svchost local services	winoem.exe	Added by the RBOT-FPE WORM!
X	Microsoft Svchost local services	nzm23.exe	Added by the RBOT-GMC WORM!
X	Microsoft Svchost local services	msnserver.exe	Added by the RBOT-GPM WORM!
X	Microsoft Syn Manager	Manager.exe	Added by the SDBOT.BEF WORM!
X	Microsoft Synchronization Manager	asgard.exe	Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Synchronization Manager	bot.exe	Added by the SDBOT.IH WORM!
X	Microsoft Synchronization Manager	netscape.exe	Added by the RANDEX.AE WORM!
X	Microsoft Synchronization Manager	slhost.exe	Added by the SDBOT.YH WORM!
X	Microsoft Synchronization Manager	svhost.exe	Added by the SDBOT-PY WORM!
X	Microsoft Synchronization Manager	WinLoginnn.exe	Added by the SPYBOT.FO WORM!
X	Microsoft Synchronization Manager	winupdate.exe	Added by the SDBOT.ER WORM!
X	Microsoft Synchronization Manager	xXx.exe	Added by the SDBOT-KZ WORM!
X	Microsoft Synchronization Manager	___synmgr.exe	Added by the MASLAN.A or MASLAN.C WORMS!
X	Microsoft Synchronization Manager	al.exe	Added by the OPTXPRO.132 TROJAN!
X	Microsoft Synchronization Manager	win.exe	Added by the SDBOT.AK WORM!
X	Microsoft Synchronization Manager	java.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Synchronization Manager	svchosts.exe	Added by the SDBOT-LM WORM!
X	Microsoft Synchronization Manager	winlogon32.exe	Added by the SDBOT.AEU WORM!
X	Microsoft Synchronization Manager	svxhost.exe	Added by the SDBOT-ZU WORM!
X	Microsoft Synchronization Manager	wincfg32.exe	Added by the SDBOT.DO WORM!
X	Microsoft Synchronization Manager	screen.exe	Added by the SDBOT-ACO WORM!
X	Microsoft Synchronization Manager	devldr32.exe	Added by a variant of the RBOT WORM! Note - do not confuse with the legitimate Creative Labs devldr32.exe file
X	Microsoft Synchronization Manager	explorer.exe	Added by the SDBOT-AEA WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would only be in startups if you added it manually. This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Synchronization Manager	firewire.exe	Added by the SDBOT-AFC WORM!
X	Microsoft Synchronization Manager	wmedia.exe	Added by the SDBOT.BFC WORM!
X	MicroSoft sys32	sysmsgr32.exe	Added by a variant of the SPYBOT WORM! See here
X	MicroSoft sys3s1	h4ckn3t.exe	Detected by PCTools as the RBOT.QTY WORM! See here
X	Microsoft System	msupdtm.exe	Added by the SPYBOT.PKC WORM!
X	Microsoft System	mssys32.exe	Added by the PETTICK.A WORM!
X	Microsoft System	sys.exe	Added by the RBOT.AKI WORM!
X	Microsoft System Backup	[random filename]	Added by the RBOT-AGM WORM!
X	Microsoft System Checkup	Cool.exe	Added by the DONK.B WORM!
X	Microsoft System Checkup	Wnetlib.exe	Added by the DONK.C WORM!
X	Microsoft System Checkup	dbnetlib.exe	Added by the DONK.L WORM!
X	Microsoft System Checkup	Keymgr.exe	Added by the DONK.M WORM!
X	Microsoft System Checkup	inetman.exe	Added by the DONK.O WORM!
X	Microsoft System Checkup	ntsysmgr.exe	Added by the DONK.S WORM!
X	Microsoft System Checkup	ntsysman.exe	Added by the SDBOT-QW WORM!
X	Microsoft System Checkup	libsysmgr.exe	Added by the SDBOT-CAF WORM!
X	Microsoft System Checkup	sysmgr.exe	Added by the SDBOT-OO TROJAN!
X	Microsoft System Checkup	netapi32.exe	Added by the DONK-E WORM!
X	Microsoft System Checkup	wnetmgr.exe	Added by the DONK.Q WORM!
X	Microsoft System Checkup	libsys32.exe	Added by the SDBOT-ACK WORM!
X	Microsoft System Debug	services32.exe	Added by the RBOT.AKH WORM!
X	Microsoft System DLL Services Configuration	windir32.exe	Added by the SDBOT-ACY TROJAN!
X	Microsoft System File	svchots.exe	Added by the RBOT.BYU WORM!
X	Microsoft System Firewall 2006.2	msmsgr.exe	Added by a variant of the SDBOT WORM!
X	Microsoft System Firewall 2006.2	msnmsgr.exe	Added by a variant of the SDBOT WORM! Note - this is not the valid MSN Messenger (now Windows Live Messenger) utility
X	Microsoft System Firewall 2006.2	reg32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft System Init	mtmnr0.exe	Added by the SDBOT.BR TROJAN!
X	Microsoft System Monitor	monsys.exe	Added by the IRCBOT-YV TROJAN!
X	Microsoft System Monitor	system.exe	Detected by PCTools as the IRCBOT.AUT TROJAN! See here
X	Microsoft System NT	svhost.exe	Added by the SDBOT.COU WORM!
X	Microsoft System Restore Configuration	CBRSS.EXE	Added by a variant of the SPYBOT WORM!
X	Microsoft System Saver	[path to worm]	Added by the RBOT.BSK WORM!
X	Microsoft System Security Agent	MSTSA.EXE	Added by the RBOT.CCM WORM!
X	Microsoft System Service	dnservice.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft System Service	taskmgr1.exe	Detected by Kaspersky as the SDBOT.CSX TROJAN! See here
X	Microsoft System Service	winIogon2.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft System Service Device	mssdh.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft System Services	msnmgsr.exe	Added by the KELVIR.K WORM!
X	Microsoft System Services	msmsgr.exe	Added by the RBOT-ZH WORM!
X	Microsoft System Update	sysupdate.exe	Added by the SDBOT.DG WORM!
X	Microsoft system Value	sys57.exe	Added by a variant of the RBOT WORM!
X	Microsoft System32 Update	cmsrg.exe	Added by the RBOT-GN WORM!
X	Microsoft task tray monitor	ctray.exe	Added by a variant of the RBOT WORM!
X	Microsoft Task32 Protocol	taskmgr32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Taskmanager Updater	keyboard.exe	Added by the RBOT-ALU WORM!
X	Microsoft TCP Protocol	wintcp32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft TCP/IP Connection Monitor	svchost32.exe	Added by the RBOT.KS WORM!
X	Microsoft Telecom Center	tellecom.exe	Added by a variant of the RBOT WORM!
X	Microsoft Telecoma Center	tellcoma.exe	Added by the RBOT-AWX WORM!
X	Microsoft Telecoms Center	telcoms.exe	Added by the IRCBOT.GEN WORM!
X	Microsoft Telecoms Center	xpfilesys.exe	Added by the RBOT.BCJ TROJAN!
X	Microsoft Telecoms Center	winupn.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Telecoms Center	svcchost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Time Manager	dveldr.exe	Added by the RBOT-HQ WORM!
X	MicroSoft Toolbar	key.exe	Added by the RBOT-AEW WORM!
X	Microsoft Transfer File Server	mtfs.exe	Added by the RBOT.AFE WORM!
X	Microsoft Tray	[random filename]	Added by the DELF.BZ TROJAN!
X	Microsoft TTL Verifier	msttl.exe	Added by the RBOT-GAP WORM!
X	Microsoft U	wuamkopxp.exe	Added by the RBOT-AHC WORM!
X	Microsoft UMA Update	MSuma32.exe	Added by the RBOT.FS WORM!
X	MICROSOFT UNPACCKER SYSTEM	unpak32.exe	Added by a variant of the RBOT WORM!
X	MICROSOFT UNPACK SYSTEM	winrarx.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updat3	mswkst32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	Microsoft.exe	Added by the GAOBOT.AFJ WORM!
X	Microsoft Update	mssmgrd.exe	Added by the SDBOT.JT WORM!
X	Microsoft Update	mvsc.exe	Added by the SPYBOT.DAZ WORM!
X	Microsoft Update	ascdl.exe	Added by the GAOBOT.SY WORM!
X	Microsoft Update	Isac.exe	Added by the RBOT-AU WORM!
X	Microsoft Update	automgr32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	mediap.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	Microsoftx.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	msconfg.exe	Added by the RBOT.H WORM!
X	Microsoft Update	Mslti32.exe	Added by the RBOT-LX WORM!
X	Microsoft Update	muamgrd.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Update	navmgrd.exe	Added by the SDBOT.DP TROJAN!
X	Microsoft Update	Smss32.exe	Added by the RBOT.CB WORM!
X	Microsoft Update	sys32cfg.exe	Added by the RBOT.DR WORM!
X	Microsoft Update	VPC32.EXE	Added by the AGOBOT.XM WORM!
X	Microsoft Update	winsys32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	wuamgrd.exe	Added by the RBOT-LK WORM!
X	Microsoft Update	wuammgr32.exe	Added by the RBOT-AW WORM!
X	Microsoft Update	wudmate.exe	Added by the RBOT.AP WORM!
X	Microsoft Update	msawindows.exe	Added by the GAOBOT.AFJ WORM!
X	Microsoft Update	msiwin84.exe	Added by the GAOBOT.AFJ WORM!
X	Microsoft Update	wuamgrd32.exe	Added by the RBOT.ZB WORM!
X	Microsoft Update	NAV.exe	Added by the RBOT-IV WORM!
X	Microsoft Update	systemi32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Update	xpupdate.exe	Added by the RBOT-QE WORM!
X	Microsoft Update	webm.exe	Added by the SDBOT.WK WORM!
X	Microsoft Update	wuagrd.exe	Added by the RBOT-FK WORM!
X	Microsoft Update	aaupdt.exe	Added by the RBOT-RQ WORM!
X	Microsoft Update	lsac.exe	Added by the GAOBOT.XW WORM!
X	Microsoft Update	Mupdate.exe	Added by the RBOT-AG WORM!
X	Microsoft Update	prowind32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Update	snlogsvc.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	svhost.exe	Added by the RBOT-PI WORM!
X	Microsoft Update	wauguard.exe	Added by the RBOT.AEE WORM!
X	Microsoft Update	winscv.exe	Added by the RBOT-BH WORM!
X	Microsoft Update	winsys.exe	Added by the RBOT-GV WORM!
X	Microsoft Update	wserv32.exe	Added by the RBOT.AF WORM!
X	Microsoft Update	wtm32.exe	Added by the RBOT-AQ WORM!
X	Microsoft Update	wumgrd.exe	Added by the SDBOT-KY WORM!
X	Microsoft Update	wuampd.exe	Added by the RBOT-UT WORM!
X	Microsoft Update	msupdate32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Update	Botnet.exe	Added by the RBOT.AFL WORM!
X	Microsoft Update	sghost.exe	Added by the SDBOT.AKV WORM!
X	Microsoft Update	update_w.exe	Added by the RBOT-EW WORM!
X	Microsoft Update	windows24.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	wingrd32.exe	Added by the RBOT-DW WORM!
X	Microsoft Update	wssvr.exe	Added by the RBOT-OD WORM!
X	Microsoft Update	wuamagr32.exe	Added by the SPYBOT.CG WORM!
X	Microsoft Update	WinUpdate32.exe	Added by the RBOT-TI WORM!
X	Microsoft Update	wkfix.exe	Added by the RBOT-ABZ WORM!
X	Microsoft Update	Kkk.exe	Added by the RBOT-AHL WORM!
X	Microsoft Update	mcupdate.exe	Added by the RBOT.XT WORM! Note - this file is located in the WindowsSystem32 or WinntSystem32 folder, and should not be confused with the McAfee antivirus executable as described here
X	Microsoft Update	Micr0s0ft.exe	Added by the AGOBOT.AAR WORM!
X	Microsoft Update	Msnmsngr.exe	Added by the RBOT.BQS WORM!
X	Microsoft Update	msupdate32.exe	Added by the SPYBOT.LZ WORM!
X	Microsoft Update	scvhost.exe	Added by the RBOT-AEM WORM!
X	Microsoft Update	svghost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	sys.exe	Added by the RBOT-AJ WORM!
X	Microsoft Update	up2dat5.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update	winamp.exe	Added by a variant of the RBOT WORM! Note - this is NOT the popular Winamp media player
X	Microsoft Update	win-mang.exe	Added by the RBOT-AFK WORM!
X	Microsoft Update	winupdater.exe	Added by the RBOT.BIN WORM!
X	Microsoft Update	wuamk0032.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	wuamk032.exe	Added by the RBOT-AHD WORM!
X	Microsoft Update	wuamk0p32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	wuamkop.exe	Added by the RBOT-AFI WORM!
X	Microsoft Update	wuamkop32.exe	Added by the RBOT.BGU WORM!
X	Microsoft Update	wuampkd.exe	Added by the SDBOT.BBX WORM!
X	Microsoft Update	svzhost.exe	Added by the RBOT.OX WORM!
X	Microsoft Update	win32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update	wininit.exe	Added by the RBOT-AKR WORM!
X	Microsoft Update	wuamgrd3.exe	Added by the RBOT-AMC WORM!
X	Microsoft Update	Wudates.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	ms.exe	Added by the SDBOT.CC WORM!
X	Microsoft Update	wuagmsd.exe	Added by the RBOT-AX WORM!
X	Microsoft Update	cmss.exe	Added by the RBOT-ATQ WORM!
X	Microsoft Update	wuamgrb.exe	Added by the RBOT-AZE WORM!
X	Microsoft Update	WINDOC.EXE	Added by the SDBOT.PF WORM!
X	Microsoft Update	phqghumea.exe	Added by the SDBOT.AFO WORM!
X	Microsoft Update	system32.exe	Added by the RBOT.IS WORM!
X	Microsoft Update	bling.exe	Added by the RBOT-AVK WORM!
X	Microsoft Update	Sygate.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update	update.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update	WinDrv32.exe	Added by the RBOT.EGW WORM!
X	Microsoft Update	devmks32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	devmks32.exe	Added by a variant of the RBOT WORM!
X	Microsoft update	winupdate.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update	msupdate.exe	Added by the BOROBOT-I TROJAN!
X	Microsoft Update	mixer.exe	Added by the RBOT-AIR WORM!
X	Microsoft Update	taskmgr32.exe	Added by the RBOT-CV WORM!
X	Microsoft Update	drive.exe	Added by the BIFROSE-PN WORM!
X	Microsoft Update	wangard.exe	Added by the RBOT-LH WORM!
X	Microsoft Update	spool.exe	Added by the AGENT-GJC TROJAN!
X	Microsoft Update 23	NtKernelSystem.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update 23	spoolvs.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update 32	explore32.exe	Added by the SPYBOT.CYM WORM!
X	Microsoft Update 32	MSupdate32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Update 32	wininit.exe	Added by the RBOT-ANY WORM!
X	Microsoft Update 32	wininit32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update 32	[path to file]	Added by the RBOT-AJJ WORM!
X	Microsoft Update 32	mscnfg.exe	Added by the RBOT-ALM WORM!
X	Microsoft Update 32	servic.exe	Added by the RBOT-AXN WORM!
X	Microsoft Update 32	winitXP32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update 32	mssetup32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update 32	wiit.exe	Added by the RBOT-AMS WORM!
X	Microsoft Update 32	explorer.exe	Added by the RBOT-ARF WORM! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	Microsoft Update 32	network.exe	Added by the RBOT-ARZ WORM!
X	Microsoft Update 32	om4r.exe	Added by the RBOT-AQP WORM!
X	Microsoft Update 32	winin.exe	Added by the RBOT-ARR WORM!
X	Microsoft Update 32	wuinit.exe	Added by the AGOBOT-UE WORM!
X	Microsoft Update 32	neta.exe	Added by the RBOT-AMI WORM!
X	Microsoft Update 33	init.exe	Added by the RBOT-ATT WORM!
X	Microsoft Update 64 BIT	wininit32.exe	Added by the RBOT-AHE WORM!
X	Microsoft Update 64 BIT	winman32.exe	Added by the RBOT-AKI WORM!
X	Microsoft Update 64 BIT	schvost.exe	Added by the RBOT.CAU WORM!
X	Microsoft Update 64 BIT	winl32xe.exe	Added by the RBOT-AQO WORM!
X	MICROSOFT UPDATE CONFIGURATION	WIN32SNC.EXE	Added by the RBOT-AI WORM!
X	Microsoft Update Control	Ms64.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Debugger	wincfg32.exe	Added by the SPYBOT.ZC WORM!
X	Microsoft Update Device Drivers	wuauclt.exe	Added by a variant of the SDBOT WORM! Note - this is not the legitimate wuauclt.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Update DLL	rxxhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Drivers	explorers.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update Emulator	kern-mxe.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Loader	[random filename]	Added by a variant of the RBOT WORM!
X	Microsoft Update Loaders 2005	winusers.exe	Added by the RBOT-AIQ WORM!
X	Microsoft Update Loaders 2006	winusersystem32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Update Machine	expl0rer.exe	Added by the SDBOT.OK WORM!
X	Microsoft Update Machine	rxhost.exe	Added by the RBOT.FC WORM!
X	Microsoft Update Machine	servicz.exe	Added by the RBOT-HU WORM!
X	Microsoft Update Machine	SP2.exe	Added by the SPYBOT.FP WORM!
X	Microsoft Update Machine	winini.exe	Added by the RBOT-KV WORM!
X	Microsoft Update Machine	xvshost.exe	Added by the RBOT.QP WORM!
X	Microsoft Update Machine	memstat.exe	Added by the RBOT-OM WORM!
X	Microsoft Update Machine	ntce.exe	Added by the RBOT-FA WORM!
X	Microsoft Update Machine	system03.exe	Added by the RBOT-NM WORM!
X	Microsoft Update Machine	wuawx.exe	Added by the RBOT-CE WORM!
X	Microsoft Update Machine	zonealarm.exe	Added by the RBOT-BZ WORM! Note - this is not the valid Zone Labs firewall program!
X	Microsoft Update Machine	systemll.exe	Added by the RBOT-JT WORM!
X	Microsoft Update Machine	winupdt.exe	Added by the RBOT-FP WORM!
X	Microsoft Update Machine	svshost.exe	Added by the RBOT.AK WORM!
X	Microsoft Update Machine	wuamgd.exe	Added by the SDBOT.HQ WORM!
X	Microsoft Update Machine	wupdt32x.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update Machine	[random filename]	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	linux.exe	Added by the RBOT-IM WORM!
X	Microsoft Update Machine	lmrss.exe	Added by the RBOT-DY WORM!
X	Microsoft Update Machine	windowsu.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	wininigo.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	winmgr.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	Winmsixp32.exe	Added by the RBOT.DN WORM!
X	Microsoft Update Machine	Winregs32.exe	Added by the RBOT.DN WORM!
X	Microsoft Update Machine	winxpini.exe	Added by the RBOT-OB WORM!
X	Microsoft Update Machine	wuamgrd.exe	Added by the RBOT-HE WORM!
X	Microsoft Update Machine	wuagrd.exe	Added by the RBOT-GF WORM!
X	Microsoft Update Machine	LANWAKE.EXE	Added by the RBOT-QZ WORM!
X	Microsoft Update Machine	scvhost.exe	Added by the RBOT-GS WORM!
X	Microsoft Update Machine	winhost.exe	Added by the RBOT-GK WORM!
X	Microsoft Update Machine	winss.exe	Added by the RBOT.JU WORM!
X	Microsoft Update Machine	WUAMGRDXS.EXE	Added by the RBOT-GL WORM!
X	Microsoft Update Machine	crss32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	lsasse.exe	Added by the RBOT-DI WORM!
X	Microsoft Update Machine	qwerty.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	rxxhost.exe	Added by the RBOT.EP WORM!
X	Microsoft Update Machine	servicez.exe	Added by the SPYBOT.BI WORM!
X	Microsoft Update Machine	spoolserv.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	Systemnt.exe	Added by the RBOT.DA WORM!
X	Microsoft Update Machine	systemse.exe	Added by the RBOT-BD WORM!
X	Microsoft Update Machine	taskmngrs.exe	Added by the RBOT-CR WORM!
X	Microsoft Update Machine	windowsup.exe	Added by the RBOT-FV WORM!
X	Microsoft Update Machine	wuamgard.exe	Added by the SPYBOT.CS WORM!
X	Microsoft Update Machine	wupdate32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	system.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	TMEMSER.EXE	Added by the RBOT-NQ WORM!
X	Microsoft Update Machine	winnie.exe	Added by the RBOT-ACD WORM!
X	Microsoft Update Machine	winortho.exe	Added by the RBOT-NW WORM!
X	Microsoft Update Machine	wins32.exe	Added by the RBOT.EZ WORM!
X	Microsoft Update Machine	serviz.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	TASKMAN4.EXE	Added by a variant of the RBOT WORM!
X	Microsoft Update Machine	wftestb.exe	Added by the RBOT-AFZ WORM!
X	Microsoft Update Machine	Win32.exe	Added by the SDBOT.UV WORM!
X	Microsoft Update Machine	windns.exe	Added by the RBOT.EF WORM!
X	Microsoft Update Machine	MSOICONS.EXE	Added by the RBOT.AWS WORM! Note - do no confuse with the legitimate Msoicons.exe file described here. The latter should not normally figure in Msconfig/Startup!
X	Microsoft Update Machine	WINSVC32.EXE	Added by the RBOT.CU WORM!
X	Microsoft Update Machine	ntsystem.exe	Added by the RBOT.GF WORM!
X	Microsoft Update Machine	winupdte.exe	Added by the RBOT-GKL WORM!
X	Microsoft Update Machine	jkfrnz.exe	Added by the RBOT-GOZ WORM!
X	Microsoft Update Machine	wlimyc.exe	Added by the RBOT-GQN WORM!
X	Microsoft Update Manager	WINRLS.EXE	Added by the RBOT-AF WORM!
X	Microsoft Update Manager	svshost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Manager	scvhost.exe	Added by the AGOBOT.AXJ WORM!
X	Microsoft Update Manager	scvideo.exe	Added by the SDBOT-CVP TROJAN!
X	Microsoft Update Mechene	Updatez.exe	Added by the RBOT-GI WORM!
X	Microsoft Update Module	rundll24.exe	Added by the RBOT-PS WORM!
X	Microsoft Update Process	wmipcvse.exe	Added by the AGOBOT-JF TROJAN!
X	Microsoft Update Security Patch	mssecurityupdatepatch.exe	Added by the AGENT.EF TROJAN!
X	Microsoft Update Server	mssrv.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft Update Service	csrss32.exe	Added by the AGOBOT-HC WORM!
X	Microsoft Update Service	mswin32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft update service	systemm.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Update SERVICE	phqghum.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Service	msupdate.pif	Added by the RBOT-AQB WORM!
X	Microsoft Update Services	wcsnfty.exe	Added by the RBOT-AGK WORM!
X	Microsoft Update Services	wsnfty.exe	Added by the RBOT-AFU WORM!
X	Microsoft Update Time	wuam.exe	Added by the RBOT-M WORM!
X	Microsoft Update USB2	wuammgrd32.exe	Added by the RBOT-ADT WORM!
X	Microsoft Update v2.6	lxxex.exe	Added by a variant of the RBOT WORM!
X	Microsoft Update Win32a	winupdate32a.exe	Added by the RBOT-LO WORM!
X	Microsoft Update Win32x	winupdate32x.exe	Added by the RBOT-AJN WORM!
X	Microsoft Updater	Winsys32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updater	msconsole.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Updater	svhost.exe	Detected by Kaspersky as the AGENT.CDF TROJAN! See here
X	Microsoft Updater	vbcjlg.exe	Added by a variant of the SPYBOT WORM! See here
X	Microsoft Updater	wuamgrds.exe	Added by the RBOT.A WORM!
X	Microsoft Updater Resources	WinFixd32.exe	Added by the SPYBOT.CA WORM!
X	Microsoft UPDATER32	lsass.exe	Added by the RANDEX.AR WORM! Note - this is not the legitimate Lsass.exe system file should normally NOT figure in Msconfig/Startup!
X	Microsoft Updaters	tskmgr.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updaters	sysconfigs.exe	Added by the RBOT-DF TROJAN!
X	Microsoft Updaters Pros	WINDLL32XP.EXE	Added by the SPYBOTTER.GEN VIRUS!
X	Microsoft Updates	systemc32.exe	Added by the RBOT-GR WORM!
X	Microsoft Updates	wkssvr.exe	Added by the RBOT.R WORM!
X	Microsoft Updates	wkssvrs.exe	Added by the RBOT-EB WORM!
X	Microsoft Updates	wuamgrd.exe	Added by the RBOT-CO WORM!
X	Microsoft Updates	wtemp32.exe	Added by the RBOT-AHQ WORM!
X	Microsoft Updates	svehost.exe	Added by the RBOT-GRW WORM!
X	Microsoft Updates	svshost.exe	Added by the AGOBOT-AIW WORM!
X	Microsoft Updates	svdhost.exe	Added by the RBOT-GVH WORM!
X	Microsoft Updates 2 USB	wgafixer.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updates 5 USB	sp3fixer.exe	Added by the RBOT-ADS WORM!
X	Microsoft Updates Resources	WinFixIDs.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updating	navguard.exe	Added by the RBOT.HW WORM!
X	Microsoft Updating	syswr.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updating	wuamguards.exe	Added by the RBOT-BY WORM!
X	Microsoft Updating Client	websvc.exe	Added by the RBOT.AQ WORM!
X	Microsoft Updating Machine	sysc0de.exe	Added by the RBOT.RB WORM!
X	Microsoft Updatting	miroupdate.exe	Added by a variant of the RBOT WORM!
X	Microsoft Updote	[random filename]	Added by the RBOT-ARC WORM!
X	Microsoft UpMachine	doezs.exe	Added by the RBOT.BCT WORM!
X	Microsoft upnp Update	msie.exe	Added by the RBOT-LQ WORM!
X	Microsoft uptime Service	sysuptime.exe	Added by the RBOT-ACG WORM!
X	Microsoft uptime Service	sycuptime.exe	Added by the RBOT-AHY WORM!
X	Microsoft UpToDate Driver (32-bits)	[random filename].exe	Added by the SPYBOT.LXJ WORM!
X	Microsoft Urlmon	urlmon.exe	Added by the AGENT-GOO TROJAN!
X	Microsoft USB2 Driver	crmss.exe	Added by the RBOT-VK WORM!
X	Microsoft usnsvc Service	usnsvc.exe	Added by a variant of the KOBOT-C WORM!
N	Microsoft Utility Startup	OSA9.exe	Application which launches common MS Office components to help speed up the launch of Office programs. It's somewhat of a resource hog, and some users claim there's no difference with or without it but it usually isn't required. Note - if you make use of the Microsoft Office Shortcut Bar outside an office program this application will need to be enabled for it to show
X	Microsoft Values	igfkishc.exe	Added by the RBOT-GLO WORM!
X	Microsoft Vertupdate	MSvert32.exe	Added by the MYTOB-CY WORM!
X	Microsoft Video Capture Controls	MSsrvs32.exe	Added by the SDBOT-AAK WORM!
X	Microsoft Video Controls	tskmsgr.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Viewer Monitor Manager	viewmon.exe	Detected by Trend Micro as the XPAK.A TROJAN! See here
X	Microsoft Virtual Service Manager	vservice32.exe	Detected by Trend Micro as the MSNWORM.T WORM! See here
X	Microsoft Virual Machine	sms.exe	Added by the RBOT-SP WORM!
X	Microsoft Visual Application	vpcrtf.exe	Added by the IRCBOT-XJ TROJAN!
X	Microsoft Visual SourceSafe	services.exe	Added by the NEVEG.B or NEVEG.C WORMS! Note - this is not the legitimate services.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Visual SourceSafe	winlogon.exe	Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
X	MicroSoft Visual SP2	igfxsrvc32.exe	Detected by Trend Micro as the SDBOT.GAV WORM! See here
X	Microsoft Visual Studio	plscdksxg.exe	Added by the RBOT-AWV WORM!
X	Microsoft Visual Studio VSA	varpc32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Web CP Manager	webcp32.exe	Added by a variant of the SDBOT WORM! See here
X	Microsoft Web Device	wdevice.exe	Added by a variant of the SDBOT WORM!
X	Microsoft web update	webmsn.exe	Added by the RBOT-EMQ WORM!
U	Microsoft Webserver	svctrl.exe	Personal web server program which enables you to create and host a web server from your computer. Not required for most people
X	Microsoft Win Corp TLS Verification	mswintls.exe	Added by the RBOT-GCT WORM!
X	Microsoft WIN32 DOS	MSdos32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft WIN32 Security	MSsec32.exe	Added by the RBOT-DOQ TROJAN!
X	MicroSoft Wind0ws Updater	winsupdater.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows	mstask0.exe	Added by the SDBOT.FQ WORM!
X	Microsoft Windows	atup	Added by a variant of the RBOT WORM!
X	Microsoft Windows	Microsoft Windows.hta	HTA file which creates an executable on the hard drive which subsequently proceeds to download files from a malware site!
X	Microsoft Windows	explorar.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows	[path to file]	Added by the LI TROJAN!
X	Microsoft Windows	bootini.exe	Added by the VANEBOT-K WORM!
X	Microsoft Windows	Kernel.exe	Added by the EDIBARA-A VIRUS!
X	Microsoft Windows	Kernel.vbs	Added by the EDIBARA-A VIRUS!
X	Microsoft Windows	pwjbvphi.exe	Added by the RBOT-GQK WORM!
X	Microsoft Windows 128bit Subsystem	system12.exe	Added by the RANCK-CZ TROJAN!
X	Microsoft Windows 16Bit	mswinn16.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Windows 2000	Winupdsdgm.exe	Added by the GAOBOT.AO WORM!
X	Microsoft Windows 32 Update	win32update.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Windows 32Bit	mswinn32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows 64 Bit	mswin32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Adapter 5.1.3214	[worm filename].exe	Detected by Trend Micro as the STRAT.GEN-3 WORM! See here
X	Microsoft Windows Client Firewall	msclt.exe	Added by the VANEBOT-F WORM!
X	Microsoft Windows Communicator for NT/XP	wincomm.exe	Added by the RBOT.ATH WORM!
X	Microsoft Windows Config 32	win32conf.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Control	mswctl32.exe	Added by the RBOT.JP WORM!
X	Microsoft Windows CSRSS	csrss.exe	Added by the KALEL-A WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Windows DHCP	___r.exe	Added by the MASLAN.A or MASLAN.C WORMS!
X	Microsoft Windows DLL 32-BIT	msncheck32.exe	Added by the SDBOT-XX WORM!
X	Microsoft Windows DLL Services	mwindll.exe	Added by the SDBOT-VX WORM!
X	Microsoft Windows DLL Services Configuration	newdll.exe	Added by the SDBOT-ZR WORM!
X	Microsoft Windows DLL Services Configuration	newdll2.exe	Added by the SDBOT-ABD WORM!
X	Microsoft Windows DLL Services Configuration	poker.exe	Added by the SDBOT-ZY WORM!
X	Microsoft Windows DLL Services Configuration	poker3.exe	Added by the SDBOT-AAH WORM!
X	Microsoft Windows DLL Services Configuration	proxy.exe	Added by the SDBOT-ZL WORM!
X	Microsoft Windows DLL Services Configuration	windir32.exe	Added by the SDBOT.BHF WORM!
X	Microsoft Windows DLL Services Configuration	windir32a.exe	Added by a variant of the SDBOT.BHF WORM!
X	Microsoft Windows DLL Services Configuration	windll32.exe	Added by the SDBOT.BHD WORM!
X	Microsoft Windows DLL Services Configuration	winDSL.exe	Added by the SDBOT-ZG WORM!
X	Microsoft Windows DLL Services Configuration	dllmanager32.exe	Added by the SDBOT-BTU WORM!
X	Microsoft Windows DLLHandler	bitpaint.exe	Added by the SDBOT.AHG WORM!
X	Microsoft Windows Drivers	windrv.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows DVR	windvr.exe	Added by the RBOT-AXD WORM!
X	Microsoft Windows Explorer	iexplorer.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Explorer	explorewin.exe	Added by the IRCBOT.WORM.212480.H WORM!
X	Microsoft Windows Files Loader	cgy32win.exe	Added by the RBOT-AXR WORM!
X	Microsoft Windows Game Updater	msgame32.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows GUI	Windowz.exe	Added by the RANDEX.AEV WORM!
X	Microsoft Windows GUI	msmonk32.exe	Added by the SDBOT-PE WORM!
X	Microsoft Windows Kernel Services	winkrnl386.exe	Added by the ZEBROXY TROJAN!
X	Microsoft Windows Loader	wloader.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Windows Logon Process	winlogon.exe	Added by the PROXYSER-R TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup and is always located in the System32 folder. This worm file is placed in the Winnt or Windows folder
X	Microsoft Windows Media Player	mediaplayer.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Media Player	wimp.exe	Added by the RBOT-FN WORM!
X	Microsoft Windows Registry Service	wregistry.exe	Added by the AGOBOT.AKG WORM!
X	Microsoft Windows Secure	windocs.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Secure	windocs.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Secure Server	rpcxWindows.exe	Added by the RBOT-LL WORM!
X	Microsoft Windows Secure Update	rpcxwinupdt.exe	Added by an unidentified WORM or TROJAN!
X	Microsoft Windows Securety	wurguar.exe	Added by the RBOT-KY WORM!
X	Microsoft Windows Security	spvsper.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Security	wscndrives.exe	Added by the RBOT-AJK WORM!
X	Microsoft Windows Service	winsys.exe	Added by the RBOT-ADP WORM!
X	Microsoft Windows Service Pack	winspkn.exe	Added by the RBOT-AYD WORM!
X	Microsoft Windows Services	msw32.exe	Added by the RBOT-FWQ WORM!
X	Microsoft Windows Services Edt	ssvvcchhoosst.exe	Added by the RBOT-FYF TROJAN!
X	Microsoft Windows Services Edt	dllrun32.exe	Added by the RBOT-GAF WORM!
X	Microsoft Windows Session Manager Subsystem	smss.exe	Added by the PROXYSER-R TROJAN! Note - this is not the legitimate smss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the Winnt or Windows folder
X	Microsoft Windows Socketx32 Services	winsockx32.exe	Added by the RBOT-FWT WORM!
X	Microsoft Windows Storage Machine Service	winms.exe	Added by the RBOT-AHK WORM!
X	Microsoft Windows System	srwhost.exe	Added by a variant of the RBOT-ASW WORM!
X	Microsoft Windows System	syshost.exe	Added by the RBOT-ASW WORM!
X	Microsoft Windows System Kernel	kernel32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Windows System Service Manager	winsvc.exe	Added by the SPYBOT.LR WORM!
X	Microsoft Windows Task Management	mstasks.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Task Manger	Mstosk.exe	Added by the SDBOT-WW WORM!
X	Microsoft Windows Tasks Management	taskmng.exe	Added by the RBOT-FXK WORM!
X	Microsoft Windows Updata	scvhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Updata	windows.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Update	rundlls.exe	Added by the HABRACK WORM!
X	Microsoft Windows Update	msoffice2.exe	Added by the RBOT-GB WORM!
X	Microsoft Windows Update	spools.exe	Added by the SDBOT.TD WORM!
X	Microsoft Windows Update	svchos.exe	Added by the SDBOT.AC WORM!
X	Microsoft Windows Update	svcshost.exe	Added by the FORBOT-CF WORM!
X	Microsoft Windows Update	svmhost.exe	Added by the FORBOT-CH WORM!
X	Microsoft Windows Update	svshost.exe	Added by the WOOTBOT.CJ WORM!
X	Microsoft Windows Update	msnmessenger.exe	Added by the SDBOT.AJ WORM!
X	Microsoft Windows Update	msnwun.exe	Added by the SDBOT-RM WORM!
X	Microsoft Windows Update	scvvhost.exe	Added by the FORBOT-DH WORM!
X	Microsoft Windows Update	swwhost.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Update	MSNMSGR.EXE	Added by the SDBOT-WM WORM!
X	Microsoft Windows Update	svzhost.exe	Added by the FORBOT-EV WORM!
X	Microsoft Windows Update	sccvhost.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Update	scrhost.exe	Added by the RBOT-AOW WORM!
X	Microsoft Windows Update	mnswinsx.exe	Added by the RBOT-AWH WORM!
X	MICROSOFT Windows update	pdate.exe	Added by the RBOT.BZT WORM!
X	Microsoft Windows Update	srshost.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Update	rhost32.exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft Windows Update	windowsupdate.exe	Added by the AGOBOT.ON WORM!
X	Microsoft Windows Update Application	wuap.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Update Client	csrss.exe	Added by the KEBEDE-G WORM! Note - this is not the legitimate csrss.exe process, which should not appear in Msconfig/Startup!
X	Microsoft Windows Update Logon	win-logon.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Update Service	wupdmgr32.exe	Added by the DOS.AUTOCAT TROJAN!
X	Microsoft Windows Update x86	[various filenames]	Added by a variant of the RBOT WORM! Filenames seen include (but are not limited to firefox.exe, opera.exe, taskmrg.exe, aim.exe, Winxdiag.exe and usnesvc.exe
X	Microsoft Windows Update XP64	*******.exe [ = random char]	Added by a variant of the RBOT WORM!
X	Microsoft Windows Updater	winupdgm.exe	Added by the GAOBOT.BI WORM!
X	Microsoft Windows Updater	WINIUPDATES.EXE	Added by the RBOT-KK WORM!
X	Microsoft Windows Updater	WINUPDATE.EXE	Added by the SDBOT-PU WORM!
X	Microsoft Windows Updater	TMNTSrv.exe	Added by a variant of the RBOT WORM!
X	Microsoft Windows Updater	win32upd.exe	Added by the RBOT-EC WORM!
X	Microsoft Windows Updater	msnupdateit.exe	Added by the AGOBOT-RL WORM!
X	Microsoft Windows Updater	windates.exe	Added by the SDBOT.TE WORM!
X	Microsoft Windows Updater	spoolvs.exe	Added by the RBOT.ACQ WORM!
X	Microsoft Windows Updater	suvhost.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows updaterD	log32zx.exe	Added by the MYDOOM.W WORM!
X	Microsoft Windows Updates	explorer32.exe	Added by the SDBOT.VQ WORM!
X	Microsoft Windows Updates	wsap32.exe	Added by a variant of the SDBOT WORM!
X	Microsoft Windows Updating System	msresource.exe	Added by the RBOT-EAM WORM!
X	Microsoft Windows Visual V2.0	msiutil.exe	Added by the DELF.JPH TROJAN!
X	Microsoft Windows W32 Services	mssw32.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft Windows WinSaSS Management	winsass.exe	Added by the RBOT-APW WORM!
X	Microsoft Windows WKS Service	gt.exe	Added by the SDBOT.IR WORM!
X	Microsoft Windows WKS Service	mstask0.exe	Added by the SDBOT.FV WORM!
X	Microsoft Windows Workstation	devcode.exe	Added by the RBOT-AWL WORM!
X	Microsoft Windows XP Configuration Loader	m32svco.exe	Added by the SDBOT.WORM!.48548 WORM!
X	Microsoft Windows XP/2K Explorer	winexplorer.exe	Added by a variant of the IRCBOT TROJAN! See here
X	Microsoft Winedows WinServ	iPodFix.exe	Added by a variant of the RBOT WORM!
X	Microsoft WINGS32 Protocol	WinSGR32.exe	Added by the RBOT-APU WORM!
X	Microsoft WinRaR	winrar.exe	Added by the RBOT-AEC WORM!
X	Microsoft Winsock	mswinsck.exe	Added by the RBOT-ANK WORM!
X	Microsoft Winsock Service	msusvc.exe	Added by the RBOT-ANS WORM!
X	Microsoft Winsock Wrapper	ws2_32s.exe	Added by a variant of the SPYBOT WORM!
X	Microsoft WinSound	[random filename]	Added by a variant of the RBOT WORM!
X	Microsoft WinUpdate	mntcgf032.exe	Added by the RBOT-PF WORM!
X	Microsoft WinUpdate	svh0st.exe	Added by the SPYBOT.DL WORM!
X	Microsoft WinUpdate	syslx32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsoft WinUpdate	syswin32.exe	Added by the RBOT-HO WORM!
X	Microsoft WinUpdate	spfix.exe	Added by a variant of the RBOT WORM!
X	Microsoft WinUpdate	Winamp61.exe	Added by a variant of the RBOT WORM!
X	Microsoft WinUpdate	Winupd32.exe	Added by the RBOT.MQ WORM!
X	Microsoft WinUpdate	WinNTinit32.exe	Added by the RBOT.VS WORM!
X	Microsoft WinUpdates	serm32.exe	Added by the RBOT.GE WORM!
X	Microsoft WM	mswm32.exe	Added by the BCKDR-AM TROJAN!
X	Microsoft Word	BootSector.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Microsoft Word Profissional	csrss.exe	Added by the BANCBAN-DB TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "s1613" subfolder
X	Microsoft Word Profissional	Java Plug In close.exe	Added by the BANKER-EL TROJAN!
X	Microsoft Word Profissional	csrss.exe	Added by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "protect" subfolder
X	Microsoft Word Profissional	csrss.exe	Added by the BANKER-DJ TROJAN! Note - this is not the legitimate csrss.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "JavaVM" subfolder
N	Microsoft Works Calendar Reminders	wkcalrem.exe	Produces a pop-up reminder of events scheduled using the MS Works Calendar
N	Microsoft Works Portfolio	WksSb.exe	The Works Portfolio tool lets you collect and organize text and pictures from the Web or your favorite program.Can be prevented from starting from a setting within Portfolio
N	Microsoft Works Update Detection	wkdetect.exe	Checks for updates to MS Works
X	Microsoft World Service	winworld.exe	Added by an unidentified IRC worm with backdoor capability!
X	Microsoft WPCEmail	svchost.exe	Added by the SNIFFER-N TROJAN!
X	Microsoft WWW	free.exe	Added by a variant of the CWS.AK TROJAN!
X	Microsoft Wxdate	Syswu32.exe	Added by the SPYBOT.HZ WORM!
X	Microsoft X Update	wuamkoppnp.exe	Added by the RBOT-ANI WORM!
X	microsoft xdaemon 2.0	xdaemon.exe	Added by the DELF.D TROJAN!
X	Microsoft XML Service	msxmlx.exe	Added by the RBOT.KS WORM!
X	Microsoft Xp Systems loader	winsystem32xp.exe	Added by the KELVIR.W WORM!
X	Microsoft Xp Systems loaders	win32xpsys.exe	Added by the SPYBOT.NYT WORM!
X	Microsoft XPSP Protocol	xp386.exe	Added by a variant of the RBOT WORM!
X	Microsoft xpsp2	Networksystem.exe	Added by a variant of the SDBOT WORM!
X	Microsoft xpsp2	xpsp2.exe	Added by the SDBOT-YQ WORM!
X	Microsoft's System Module	Sysmodule.exe	Added by the FJ TROJAN!
X	Microsoft--Updates	sxvhost.exe	Added by the RBOT-FH WORM!
X	Microsoft-software	***.exe [ = random char]	Added by a variant of the RBOT WORM!
X	Microsoft-Update	wngard.exe	Added by the RBOT-JV WORM!
X	Microsoft-Updates	svxhost.exe	Added by the RBOT-CT WORM!
X	Microsoft.exe	[random].exe	Added by a variant of the IRCBOT TROJAN!
X	Microsoft32	win32sys.exe	Added by an unidentified WORM or TROJAN!
X	microsoft420	microsoft420.exe	Added by the MENACE.B WORM!
X	Microsoft64	antiv.exe	Added by the SOBER WORM!
X	Microsoft? ActiveX Debugger NT	setdebugnt.exe	Added by the BANCOS-CZ TROJAN!
X	Microsoft? PID Lex	PIDLex.exe	Added by the NIOVADOOR TROJAN!
X	Microsoft? System Mapper	SysMap.exe	Added by the MAPSY TROJAN!
U	Microsoft? Windows? Operating System	ehTray.exe	Microsoft Media Center Tray Icon gives easy access to the digital media manager for Windows Vista Home Premium and Media Center Edition
N	Microsoft? Windows? Operating System	RunDLL32.exe ehuihlp.dll, BootMediaCenter	Starts Windows Media Center every time Windows Vista (Home Premium or Ultimate) boots. Disable by unchecking the "Start Windows Media Center when Windows Starts" option via Windows Media Center -> Tasks -> Settings -> General -> Startup and Window Behaviour
N	Microsoft? Windows? Operating System	rundll32.exe oobefldr.dll, ShowWelcomeCenter	Shows the Welcome Center every time you boot into Windows Vista
X	MicrosoftDriverService32	drsys32.exe	Detected by Trend Micro as the IRCBOT.AKX TROJAN! See here
X	Microsoftf DDEs ContDLL	rune.pif	Added by the RBOT-AGF WORM!
X	Microsoftf DDEs ContrDL	runm.pif	Added by the RBOT-AFQ WORM!
X	Microsoftf DDEs Control	lxes.exe	Added by the RBOT.BOF WORM!
X	Microsoftf DDEs Control	wees.exe	Added by a variant of the RBOT WORM!
X	Microsoftf DDEs Control	soff.pif	Added by the RBOT-AKH WORM!
X	Microsoftf DDEs Control	why-.exe	Added by the RBOT-AMV WORM!
X	Microsoftf DDEs Control	msnn.exe	Added by the RBOT-AXT WORM!
X	Microsoftf DDEs Control	FEnR.exe	Added by the RBOT-AIM WORM!
X	Microsoftf DDEs Control	w33s.exe	Added by a variant of the RBOT WORM!
X	Microsoftf DDEs Control	waes.exe	Added by a variant of the RBOT WORM!
X	Microsoftkeysd	systemproc.exe	Added by the FORBOT-BI WORM!
X	Microsoftkeysd	systemwin32s.exe	Added by the WOOTBOT.CO WORM!
X	Microsoftkeysds	lass32.exe	Added by a variant of the RBOT WORM!
X	MicrosoftKs	Drivers.bat	Added by the SHUTDOWN-F TROJAN!
X	microsoftm eegs cuntrol	loor.pif	Added by a variant of the RBOT WORM!
X	MicrosoftMessenger	msnserv.exe	Added by the DARKER.M WORM!
X	Microsoftmsn32.exe	microsoftmsn32.exe	Added by the CERTIF-C TROJAN!
X	MicrosoftMultimediaTask	Mmtask.exe	Adware downloader - not the valid MusicMatch Jukebox which shares the same filename
X	MicrosoftNetwork Daemon for Win32	NETD32.EXE	Added by the RANDEX.F WORM!
X	MicrosoftOEM	smvss.exe	Added by the DEDLER-G TROJAN!
X	MicrosoftROMDriverService	cdrss.exe	Detected by Kaspersky as the IRCBOT.BLF TROJAN! See here
X	Microsofts media	winmplayd.exe	Added by an undidentified WORM or TROJAN!
X	Microsofts media	wingtp.exe	Added by the RBOT-VO WORM!
X	Microsofts MediaScope	winmep.exe	Added by the RBOT-WB WORM!
X	Microsofts MediaScope	winmedplay.exe	Added by a variant of the RBOT WORM!
X	Microsofts Security Manager	**.exe [** = random char]	Added by the RBOT-WH TROJAN!
X	Microsofts Service	lcsrv16.exe	Added by a variant of the RBOT WORM!
X	Microsofts Updates	lsasss.exe	Added by the RBOT-AEX WORM!
X	Microsofts Updatez	cmsssr.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	Microsofts Updatez	exploirez.exe	Added by a variant of the RBOT WORM!
X	MicrosoftServiceManager	mstask32.exe	Added by the YAHA.P WORM!
X	MicrosoftServiceManager	Wintsk32.exe	Added by the YAHA.U WORM!
X	MicrosoftServiceManager	EXPLORERE.EXE	Added by the YAHA.AB WORM!
X	MicrosoftServiceManager	msupdat.exe	Added by the YAHA.AA WORM!
X	MicrosoftShell	Shellcomm.exe	Added by the BANCBAN-QG TROJAN!
X	MicrosoftSourceSafe	lsass.exe	Added by the WEBUS.B TROJAN! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X	MicrosoftSys	SPOOLSYS.exe	Added by the TARNO.N TROJAN!
X	MicrosoftUpdate	syshelper.exe	Added by the WOOTBOT.AC WORM!
X	MicrosoftUpdate	WinUp32.exe	Added by an unidentified VIRUS, WORM or TROJAN!
X	MicrosoftUpdate	MicrosoftUpdate.exe	Added by the BANKER-EHC TROJAN!
X	MicrosoftUpdate	windll.exe	Added by the RBOT-IH WORM!
X	MicrosoftUpdates	[path to trojan]	Added by the DELF-LO TROJAN!
X	MicrosoftValue	syscnfg.exe	Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or C:winntfonts) directory where no *.exe files should reside
X	Microsoftvirus	sysoverload.exe	Added by the FORBOT-AL WORM!
X	MicrosoftWindows	[various filenames]	MagicSearch - a CoolWebSearch parasite variant
X	MicrosoftWindows	a@26m.exe	Added by the KILLPAR-B TROJAN!
X	MicrosoftXP Service Pack 2	servicepack2.exe	Added by the RBOT.EMC WORM!
X	Microsoftz turn Control	aexl.exe	Added by the SDBOT.BCO WORM!
X	Microsoftz turn Control	read.pif	Added by the RBOT-AFS WORM!
X	Microsong	svchosts11.exe	Added by the SDBOT-EV WORM!
X	Microsot NT Support	[random filename].exe	Added by the RBOT-CTI WORM!
X	microsystem	snddrv.exe	Detected by Kaspersky as the VB.AXG TROJAN!
X	Microszoft Update Mach1nezs	svchst.exe	Added by the RBOT-ED WORM!
U	Microtek Scanner Finder	ScannerFinder.exe	Monitors whether a scanner is present. Provided with Microtek scanners
X	Microzoft_Ofiz	KdzEregli.exe	Added by the AMUS.A WORM!
X	Micrsoft CFG 32	lrbzus32.exe	Added by a variant of the AGOBOT/GAOBOT WORM!
X	Micrsoft DerSystem	uqieelpb.exe	Added by the RBOT-GRI WORM!
X	Micrsoft Driver	windrive.exe	Added by the SDBOT.AF TROJAN!
X	Micrsoft Driver	msdriver.exe	Added by the SDBOT-XD WORM!
X	Micrsoft Internet Explorer	IEXPL0RE.EXE	Added by the RBOT-AQV WORM! Note the number "0" in the filename
X	Micsoft-Published-Software	explrer.exe	Added by the RBOT-GFL WORM!
X	Micsorosft Security Center	wcnsfty.exe	Added by the RBOT-AHU WORM!
N	MightyFAX Controller	MFNTCTL.EXE	Mighty FAX from RKS Software - "installs a printer driver so that you can fax directly from Windows software"
?	MigrationVendorSetupCaller	rundll32.exe migrate.dll, CallVendorSetupDlls	??
X	Military Net Killer	MNK.exe	Added by the MILLNET-A WORM!
U	MilShieldSlave	ShieldWorker.exe	Mil Shield from Mil Incorporated. It protects your privacy by removing all tracks from your online or offline computer activities
N	MimBoot	mimboot.exe	Starts Musicmatch Jukebox at bootup - can be started manually
X	Mincer	Mincer.exe	Added by the MINCEME-A WORM!
U	Mindful	Mindful.exe	Mindful from Felitec inc. "Event reminder software with date and time tools in a simple to use system tray application"
X	MINIBUG	MINIBUG.EXE	Displays ads inside Weatherbug - see here
N	MiniEYE-MiniREAD Launch	ARLaunch.exe	eyeQ - improve your reading speed
N	MINIFERT.EXE	MINIFERT.EXE	Part of Backweb
U	minilog	MINILOG.EXE	If you don't have ZoneAlarm or ZoneAlarm Pro running you don't need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use
N	MiniMavis	MiniMavis.exe	Mavis Beacon typing tutor
X	minimo	[path to file]	Added by the MOSUCK-X TROJAN!
N	MiniNote	MININOTE.EXE	Mini NoteTab was the first in the family of "NoteTab" text and HTML editors from Fookes Software
?	Miniphone	glophone.exe	VoiceGlo Glophone Voice over Internet Protocol (VOIP) communications software - "an affordable and convenient way to call friends and family throughout the world using a dial-up or broadband Internet connection on your computer" - is it required in startup?
X	miniport	usb2chk.exe	Added by the LAZAR-A TROJAN!
X	MiniPortRt	miniport_mp.exe	Malware - see here
U	MiniReminder	MiniReminder.exe	"MiniReminder is a small, fast, and simple program for Microsoft Windows to remind yourself of important yearly events, like birthdays, anniversaries, renewals, etc"
X	MiniServer.exe	MiniServer.exe	Added by the LITTLEW-E TROJAN!
U	MinMaxExtender	Mmext.exe	MinMaxExtender - window handling tool
X	Mioft Wiws Seice ent	[worm filename].exe	Added by the RBOT-GIJ WORM!
X	Miosf Update	wimsqaad.exe	Added by the SDBOT.AG TROJAN!
U	MioSync	mioSync.exe	Related to Mio GPS navigation devices
N	Mirabilis ICQ	NDetect.exe	If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
N	Mirabilis ICQ	icq.exe	If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
N	Mirabilis ICQ	ICQNet.exe	If connected to the internet, automatically runs up ICQ. Convenience more than anything. ICQ can be started from Start -> Programs
U	Miramar Systems, Inc.	atmsg.exe	Miramar PC/Mac networking software
N	Miranda IM	miranda32.exe	Miranda instant messaging client
X	Mirate Sp 2 Information	miratesp2.exe	Added by the RBOT.QH WORM!
X	Mircosoft DNS Service	svchost.exe	Added by the IRCBOT-AK TROJAN! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "drivers" subfolder
X	Mircosoft Sockets SP2	mssck.exe	Added by the MYTOB.ET WORM!
X	Mircosoft Update	wuampkd.exe	Added by a variant of the SDBOT WORM!
X	Mircrosoft Svchost32	svchost32.exe	Added by the RBOT-AZW WORM!
X	Mircrosoft Windows Config DLL	rundllc32b.exe	Added by the RBOT-ZY WORM!
N	miroVIDEO Tray Tool	misitray.exe	Tool for quickly changing options for miro/Pinnacle capture cards during capture/playback/output. When this program is closed, another program (mv-ctrl) is also closed, but mv-ctrl does not have its own EXE file. Only needed when using the capture card, e.g. for the above actions
U	Mirra	Mirra.Client.exe	Mirra Personal Server from Seagate Tech - "a powerful hardware/software solution that integrates high-capacity storage with content protection, remote access, sharing and multi-computer synchronization"
U	MirrorFolderShell	mrfshl.exe	MirrorFolder backup software
X	Mirsoft sdcE	taskmegr.exe	Added by the RBOT-AWY WORM!
X	Mirsoft sdcE	taskmegr.exe	Added by the RBOT.DFQ WORM!
X	Miscrosoft Windows Explorer	IEEXPLORER.exe	Reported as the SDBOT.YX WORM!
?	misiCTRL	misiCTRL.exe	Miro video driver related. Is it required?
?	misiTRAY	misiTRAY.exe	Miro video driver related. Is it required?
X	Mismo	win32x.exe	Added by the RBOT-JP WORM!
N	Mixer	Mixer.exe	C-Media Mixer - C-Media produce audio chipsets that are often found on popular motherboards with on-board audio. Provides System Tray access to change audio settings. Available via Start -> Settings -> Control Panel or Start -> Programs
N	Mixersel	mixersel.exe	Configuration for Realtek audio devices
N	Mixghost	mixghost.exe	Management software for Altec Lansing speakers. If a change is needed, the user can launch it from the Start menu
X	MJ	te32.exe	Added by the AGENT.HAA TROJAN
X	ml00!.exe	ml00!.exe	Malware, detected by Panda Antivirus as Trj/Downloader.BWD
U	ML1HelperStartUp	ML1HEL~1.EXE	ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
U	ML1HelperStartUp	ML1Helper.exe	ScreenScenes "Midnight Lake" screensaver. The freeware version comes with GAIN branded ads (pop-ups and others). ScreenScenes do however offer you the option of doing away with the ads by purchasing the screensaver for a whopping $30. Please note that Claria Corporation no longer support GAIN-Supported software - see here
X	ml34	[path to trojan]	Added by the MAILBOT-BH TROJAN!
X	Mlcr0s0ftf DDEs C0ntr0i	WAed.pif	Added by the RBOT-BJW WORM!
X	mlibsysmc	comzcinc.exe	Added by the SDBOT-CXS WORM!
X	mload	lxmstart.exe	Added by an unidentified VIRUS, WORM or TROJAN!
?	MM Install	setup.exe	Possibly Money Manager from Moneysoft?
X	MMB2	explorer.exe	Added by an unidentified WORM or TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	MMC	inisys.exe	Added by the OSCABOT-I WORM!
X	mmcndmgr	mmcndmgr.exe	Added by an unidentified VIRUS, WORM or TROJAN!
N	MMCWINMGMT	winmgmt.exe	Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
X	mmemdrv	mmemdrv.exe	SecondSight spyware. Note - SecondSight is spyware that captures keystrokes and screen shots, and logs user activity on the compromised computer. The risk can then send the logged information to a remote attacker via email, must be manually installed
U	MMERefresh	MMERefresh.exe	Part of Digidesgin Protools. Refreshes your midi ports on the 002(R) (the 002R is a hardware audio/midi converter connected to your computer via firewire). Must be running in order to use the MIDI functionality of the Digi002R
X	Mmessenger	messenger.exe	Added by the AGOBOT.GM WORM!
X	Mmgsvc	mmgsvc.exe	Mmgsvc spyware
U	MMhid	mmhid.dll	This is the Human Interface Device Server for Win98, it is required only if you are using USB Audio Devices you can disable via Msconfig. See here. Typical examples are USB multimedia keyboards with volume control and web-ready keyboards. For example - loaded by default with MS DSS80 Speakers because they have Volume, Mute and Bass controls on the speaker. Some users may experience problems disabling this - if this is the case then re-enable it. Equivalent to Hidserv in Win98SE/2000/Me/XP
?	MMHK	mmhk.exe	A driver found on a Compaq Presario 800T notebook. Possibly something to do with multimedia hot keys?
N	MMHotKey	MMHotKey.exe	Multimedia key handling for the relevant type of Turbo-Media keyboard. Shortcut available. Note that with this running it can crash DirectX8/9 under WinXP when a game switches to full-screen
X	MMicrosoft Security Management	inetforn.exe	Added by the RBOT.AFZ WORM!
U	MMKeybd	MMKeybd.exe	Multimedia keyboard manager. Required if you use the additional keys
U	Mmm	Mmm.exe	Hace Mmm - free utility to configure your Windows menus and move and remove menu-items you never use
X	mmod	mmod.exe	eZula TopText adware
N	mmpti	m1mmpti.exe	Mpact Mediaware Properties Taskbar Icon - multimedia software icon for Chromatic Research Mpact video cards
N	MMReminderService	MMReminderService.exe	Mind Manager from Mindjet - "easy way to organize ideas and information". Registration reminder
?	MMRun	mmrun.exe	??
X	mmsass	mmdmm.exe	Added by a variant of the SDBOT WORM! See here
X	mmsddlx	[random filename]	Added by a variant of the SLAPER TROJAN!
?	mmsys	recover.exe	??
X	MMSystem	RunDll32	Added by the FUNNER-A WORM!
Y	MMTASK	mmtask.tsk	A check on the file's properties reveals "Multimedia background task support module". MMTASK is a very simple 16-bit program used by certain multimedia drivers (which are still 16-bit on Win9x) to perform background processing. Some soundcards need this to support MIDI, etc
N	mmtask	mmtask.exe	Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator
X	MMtask Service	mmtask.exe	Added by the BACKGAT.A TROJAN! Not the valid MusicMatch Jukebox which has the same filename
N	MMTray	mm_tray.exe	MusicMatch Jukebox icon in the task tray - digital music player / CD burner and ripper / music organizer / playlist creator
N	MMTray	MMTray.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
N	MMTray2K	MMTray2K.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
N	MMTrayLSI	MMTrayLSI.exe	Part of Morgan Multimedia Codecs. Only required when the codecs are used
?	mmusrstp	procrun.exe	??
X	mmxp2passion.exe	mmxp2passion.exe	MediaMotor adware
X	mmxrun	msosa.exe	Added by an unidentified TROJAN or WORM!
X	mmxrun	mswinindex.exe	TwoSeven spyware
U	mm_server	mm_server.exe	Part of MusicMatch Jukebox - digital music player / CD burner and ripper / music organizer / playlist creator
X	mnklins	mnklins.exe	VX2.Transponder parasite updater/installer related
X	MNPol	mnpol.exe	Added by the DLUCA.B TROJAN!
U	MNS	MNS.exe	Mobile Net Switch enables you to use your computer on more then one network with the click of a button. It allows you to automatically select the correct drive mappings, printer settings, IP settings and much more
X	mnsa	mnso.exe	Added by the LINEAG-AI TROJAN!
X	mnsvc	mnsvc.exe	Added by the AUTOUPDER TROJAN!
X	mnsvcsp	mnsvcsp.exe	Added by an unidentified VIRUS, WORM or TROJAN!
?	mnu	igomnu.exe	Wanadoo broadband ISP (now rebranded as Orange) related. What does it do and is it required?
U	Mobile Phone Suite	MobilePhoneSuite.exe	Logitech Mobile Phone Suite
U	mobile PhoneTools	mPhonetools.exe	Motorola Phone Tools
U	Mobipocket Reader Notifications	readernotify.exe	Part of Mobipocket Reader - "Store all your eBooks, eNews & self-published eDocs on your PC. Download eBooks in Mobi format from your favorite ebookstores to read on your smartphone, PDA, laptop or on your desktop PC"
U	Mobipocket Web Companion	webcomp.exe	Related to Mobipocket eBook Reader
N	mobsync	mobsync.exe	MS Syncrhonization Manager - updates the network copy of materials that were edited offline, such as documents, calendars, and e-mail messages
X	MOBSYNC32.EXE	mobsync32.exe	Added by the FINERO TROJAN!
N	MOD	muamgr.exe	Using MicroAngelo On Display, you can easily select the icon images that you prefer rather than the default icons displayed by Windows. On Display provides a consistent and elegant method to customize the icon display for almost every icon on your system
X	Modem	locatesvc.exe	Added by a variant of the SPYBOT WORM!
X	Modem Driverz Updates	mdmdrv.exe	Added by a variant of the SDBOT WORM!
U	MODEMBTR	MODEMBTR.EXE	Modem Booster from inKline Global to improve ISP connections
X	Modeminf	Modeminf.exe	Added by a variant of the CRYPTER.C TROJAN!
U	ModemOnHold	MOH.EXE	NetWaiting Modem-on-Hold Application
N	ModemUtility	mdmsetpe.exe	System Tray configuration icon for Aztech modems
U	ModPS2	ModPS2Key.exe	Hotkey drivers for Chicony keyboard. Required if you use the hotkeys
X	ModularConfig	syscnfg.exe	Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or C:winntfonts) directory where no *.exe files should reside
X	Module Call initialize	RUNDLL32.EXE reg.dll, ondll_reg	Added by a variant of the LOVGATE WORM!
X	Modulo 00FE0F01 Host Internet	syschost.exe	Added by the DELF-KW TROJAN!
X	MonAppli	isys32.exe	Added by the ADCLICKER.AE TROJAN!
N	Money Express	moneyexpress.exe	Part of MS Money. Available via Start -> Programs
N	MoneyAgent	money express.exe	Part of MS Money. Available via Start -> Programs
N	MoneyAgent	mnyexpr.exe	Microsoft Money
N	MoneyStartUp	Money Startup.exe	Microsoft Money
N	MoneyStartUp10.0	Activation.exe	Part of MS Money 2002. Available via Start -> Programs
X	monitor	monitor.exe	Browser hijacker, redirecting to NCM Search
U	Monitor	SD Monitor.exe	"Transfer data quickly between your memory card and your computer with SanDisk's Readers, Writers and Adapters"
U	Monitor Apache Servers	ApacheMonitor.exe	Part of the Apache Web Server package. Useful only if you're running such a server on your PC. Available via Start -> Programs
U	Monitor Helper	monitor.exe	MyLittleSpy keystroke logger/monitoring program - remove unless you installed it yourself!
X	Monitoring Service	svchost.exe	Added by the CONE.C WORM! Note - this is not the legitimate svchost.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in a "tasks" subfolder of the Winnt or Windows folder
X	Monitormgt	Monitormgt.exe	Added by the GEMA TROJAN!
U	MonitorSD	SDMonitor.exe	Spyware Detector - spyware remover. Initially not recommended due to false positives but the later versions have since improved - see here
X	MONPluginSrIvcs	n3monap23.exe	Added by a variant of the RBOT WORM!
N	Monstersoundtray	Freectrl.exe	Diamond Multimedia sound card control panel
X	MonTest	vccxzq.exe	Added by the SDBOT-EA WORM!
U	MoodBook	mb.exe	MoodBook is a free Windows utility that brings art to your desktop
N	moon phase	moon.exe	Moon Phase - tray icon that indicates the phases of the moon
X	MoreContent	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	MoreResults	MoreResults.exe	MoreResults adware
N	Morpheus	morpheus.exe	MusicCity Networks' Morpheus - another peer-to-peer client based on Kazaa. Notable in that this one doesn't seem to install the adware that clog the Kazaa download. They claim they are adware free, and a visitor quotes "I have seen no instance of any since using it"
X	morphstb	morphstb.exe	Adware - detected by Kaspersky as the STUBBY.C TROJAN!
X	mosearch	mosearch.exe	Fast Search in Office XP - similar to the new revision of the Find Fast feature in Office 2000. Fast Search uses the Indexing Services in Office XP to create a catalog of Office files on your computer's hard disk. As with Find Fast - a waste of resources. If it can't be disabled via MSCONFIG try here
X	Motherboard Config	Ati2xxx.exe	Added by the RBOT-AIK WORM!
X	MotherBoard Sounds	Sounds.exe	Added by the RBOT-AAP WORM!
N	Motive SmartBridge	mpbtn.exe	System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
N	Motive SmartBridge	MotiveSB.exe	System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
N	Motive SmartBridge	BTHelpNotifier.exe	System tray icon for help from BT Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
U	MotiveMonitor	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used?the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
N	MotiveSB	MotiveSB.exe	System tray icon for the Virtual Assistant from AT&T Broadband, used to communicate internet problems via the network rather than telephone. Available via desktop shortcut or Start -> Programs - not required
U	MotMon	motmon.exe	Found on HP/Dell and Compaq systems (and maybe others). MotiveMonitor is used?the suppliers on-line support and allows the agent at the far end to do harddrive/ram/video/etc tests on the computer. Can cause some users problems with IE and Netscape by disabling this - in this case leave it to run. You may also wish to leave it alone if the PC is still within the support period from the manufcaturer. For most users it's not required
X	motoin	mm15201518.Stub.exe	Delfin Promulgate adware variant
U	Motorola Desktop Suite	DesktopSuite.exe	Related to Motorola Desktop Suite - PC software managing Motorola mobiles such as the A1000
U	Motorola Desktop Suite mRouter Config	mRouterConfig.exe	Configuration for Intuwave's mRouter - "that enables easy connectivity between mobile devices and PCs across Bluetooth, Infrared, USB and serial cable connections". An integral component of Symbian OS that is provided to all Symbian licensees
U	Motor_Tracking_Tool	MTTool.exe	Sweex Motion Tracking Webcam utlity. "The motion tracking function ensures that the camera can follow all your movements. So you can move and chat, without disappearing from view"
U	Mount Safe & Sound	Fbmount.exe	From McAfee VirusScan version 5.x. Creates back-up sets of critical files in a separate area of a hard drive. If you make regular back-ups it's not needed and can be painful during system start
U	mount.exe	mount.exe	Part of "GiPo@FileUtilities - GiPo@Mount "Provides advanced substitutional and mounting services. It allows to attach a local drive to an empty folder on an NTFS volume (only for Windows 2000/XP) and to substitute a local folder for a drive letter"
X	mouse	mouse.exe	Added by the RBOT-AHJ WORM!
U	Mouse 32A	Mouse32A.exe	Mouse utility. If you disable this entry you will not be able to use any of the non-standard functions of the mouse
N	Mouse Suite 98 Daemon	pelmiced.exe	Mouse driver. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
U	Mouse Suite 98 Daemon	ICO.EXE	Found on some Sony Vaio, IBM Thinkpad and Dell (and possibly other) laptops and seems to be related to Mouse Suite 98 Daemon according to the properties. Required on the Dell Inspirion 530 as without it the Dell mouse suite does not load and mouse settings are not retained on a reboot. Appears to cause a behaviour where the desktop suddenly flips back up when playing DirectX associated games
X	mousebut	mousebut.exe	Added by the CRYPTER.A TROJAN!
X	Mousecntl	mousecntl.exe	Added by a variant of the CRYPTER.C TROJAN!
N	MouseCount	MC.exe	MouseCount by Kittyfeet Software. "Utility for counting how many times us computer junkies click our mouse in a given session/day/week/month/year." Not required
X	MouseDrv	[path to worm]	Added by the ZOLOAD-B WORM!
X	MouseDrv	update.exe	Added by the ZOTOB.N WORM!
U	mouseElf	MC.exe	Genius NetScroll mouse driver - required if you use non-standard Windows driver features
U	mouseElf	mouseElf.exe	System Tray access to the mouse control panel for Genius Netscroll mice. Required if you use non-standard Windows driver features
U	MouseImp	MImpHost.exe	MouseImp Pro - "A reliable assistant that turns your mouse into a simple, native but powerful controlling device"
X	mousepad	mousepad.exe	Added by the CLICKER TROJAN!
U	Mousinfo	mousinfo.exe	MS mouse information tool - for troubleshooting mouse problems
X	MoussaEvil	[path to file]	Added by the MUSANUB-A WORM!
X	MoveSearch	Search.exe	PigSearch adware
N	Movielink Manager Uninstall	msvcmm32.exe	Auto-update for Movielink - internet movie rental System Tray access
X	MovieM	lmovie.exe	Added by the BEAGLE.DS WORM!
X	moviemk	moviemk.exe	Added by the DWNLDR-GTB TROJAN!
X	MovieNetworks	MovieNetworks.exe	MovieNetworks will connect you by DOMESTIC PREMIUM RATE TELEPHONE NUMBER 900-xxx-xxxx. So you get xxx rated pictures and junk. And it will allow you to stay on the internet on their line and $$$ and remove the C:Program FilesMovieNetworks directory
X	Movieplace	Movieplace.exe	MoviePlace malware
X	Mozila	mozila.exe	Added by the DELBOT-AJ WORM!
X	Mozila Firefox	firebox.exe	Added by the RBOT-AIP WORM!
X	Mozilla Firebird v0.8 Internet Browser	netstats.exe	Added by the IRCBOT.MC TROJAN!
X	Mozilla Firefox	F1REF0X.EXE	Added by a variant of the SDBOT WORM!
N	Mozilla Quick Launch	Netscp6.exe	Netscape 6 and Mozilla browsers
N	Mozilla Quick Launch	Mozilla.exe	Netscape 6 and Mozilla browsers
N	mozilla_cleanup	xpicleanup.exe	Firefox Mozilla cleans up after installation. It is invoked on a restart after installation, to remove the bits and pieces resulting from the installation
U	Mozy Status	mozystat.exe	Mozy - free backup at a secure, remote location
X	MP Tcloakss	mptclock.exe	Added by the NACKBOT-B WORM!
X	MP Tcloaxs	mptcloaxs.exe	Added by the RANDEX.CT WORM!
X	MP Tclockvv	mptclock.exe	Added by the NACKBOT-A WORM!
X	MP Tclockvv	mptclockvv.exe	Added by the RANDEX.CJ WORM!
N	MP3 CD Extractor	CD-Extractor.exe	"MP3 CD Extractor is an audio CD to MP3 ripper which can extract Digital Audio tracks from Audio CDs into files on the hard disk"
X	Mp3 Loader	Sysdata.EXE	Added by the AVETTE-A VIRUS!
X	MP3Collection	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	MP3download	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	MP3freeDownload	rundll32.exe MSA64CHK.dll, DllMostrar	MatrixDialer related. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "MSA64CHK.dll" file is located in the Winnt or Windows folder
X	MP4 Player	mp4Player.exe	MP4 Player allows you to view MP4 videos. Marked as undesirable due to the fact that it changes your homepage to a custom Google search engine, changes your browser's default search provider, and runs hidden in the background. Terms of use also state that it collects and tracks urls you visit in order to display relevant ads
U	MPEO	Csinsm32.exe	Automatic logging of installs from Norton CleanSweep - available via Start -> Programs
Y	MPFExe	mpf.exe	McAfee Personal Firewall
Y	MPFExe	MpfTray.exe	McAfee Personal Firewall
Y	MPFTray	MpfTray.exe	McAfee Personal Firewall
X	MPL32 driver	MPL32.exe	Added by the LOONY-M TROJAN!
X	MPlay64	mplay64.exe	Added by the MPLAY64 TROJAN!
U	MplSetup	MplSetup.exe	Used by Ricoh network printers to enable network printing from the client
X	MPM Manager	MPM.exe	Added by the DONBOMB.A TROJAN!
X	MPNet	mpn.exe	Added by the DELBOT-W WORM!
U	MPower	MPower.exe	MPower from MindBeat. "Defragments and frees your RAM giving more stability to your system and avoiding needless use of swap file. Willl also benchmark (speed test) your hard disk drives and your CPU load". MS MVPs (Most Valued Professional) recommend not using memory managers with Win98/SE/ME. See this article and make up your own mind
X	mppdds	mppdds.exe	Added by the PWS-AKZ TROJAN!
X	mppds	mppds.exe	Added by the LEGMIR.AQZ TROJAN!
X	MPR MSG	mprmsg32.exe	Added by the MYTOB.CF WORM!
X	MPREXE	MPREXE.EXE	Added by the OPASERV.T WORM! Note - this is not the legitimate Mprexe.exe system file
Y	MPREXE.exe	mprexe.exe	WIN32 Network Service Interface Process. MPREXE.exe enables the computer to have multiple clients/protocols for networks. There are some problems with it sometimes though - see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background. NOTE : sometimes it will appear in start-ups if you have a virus
X	MprHTML	MprHTML.exe	Added by a variant of the VAGRNOCKER TROJAN!
X	mprocessor	mprocessor.exe	InstallDollars.com foistware
U	MPSExe	mscifapp.exe	McAfee.com Privacy Service - "combines personal identifiable information (PII) protection with online advertisement blocking and content filtering"
Y	MpsOnn	MpsOnn.exe	Canon printer driver
?	MPT	MPT.exe	??
X	MPtask Services	mptask.exe	Added by the LALA or AOT TROJANS!
N	MPTBox	MPTBOX.EXE	Cannon Multi-Pass toolbox - a button bar
X	mptsgsvc.exe	mptsgsvc.exe	Hacker Tool - detected by DiamondCS TDS-3 anti-trojan as "HackTool.Win32.Hidd.j"
N	MPXTray	mpxptray.exe	Windows Media Player PowerToy which is run from the taskbar. It can be used to hide Windows Media Player (when in use) and choose various standard buttons (play/pause, next,previous) etc
U	MP_STATUS_MONITOR	monitr32.exe	Cannon Multi-Pass status monitor - your choice
X	mqbkup	mqbkup.exe	Added by the OPASERV.K WORM!
X	mrsvctr	mrsvctr.exe	Added by a variant of the SDBOT WORM!
Y	MRT	MRT.exe	Microsoft's Malicious Software Removal Tool
N	mrtMngr	mrtMngr.exe	Maintenance Release Task Manager for Intuit's QuickBooks or Quicken
U	MRU-Blaster Scheduler	scheduler.exe	Scheduler for MRU-Blaster - "a program made to do one large task - detect and clean MRU (most recently used) lists on your computer"
N	MRU-Blaster Silent Clean	mrublaster.exe	MRU-Blaster - performs silent cleaning of MRU lists at boot
U	MRUBlaster	indexcleaner.exe	MRU-Blaster related - runs once in order to delete the index.dat file in the Temporary Internet Files and/or Cookies folder
X	Mr_CoolFace_Game	Emma.exe	Added by the ROMARIO-A WORM!
X	ms	svhost32.exe	Added by the LEGMIR-AQO TROJAN!
X	MS Auto-IPSec Protection	MSASP32.exe	Added by the RBOT-AER WORM!
X	MS Autoloader 32	MSAuto32.exe	Added by the SPYBOT.BD WORM!
X	Ms Builders	Wupated.exe	Added by the AGOBOT-SS WORM!
X	MS Config	msdconfig.exe	Added by the RBOT-CZH WORM!
X	MS Config Loader	svchos1.exe	Added by the AGOBOT.R WORM!
X	MS Config Loader	MSWin32bck.exe	Added by the GAOBOT.AA WORM!
X	MS Config Loader	svcrhost.exe	Added by a variant of the RBOT WORM!
X	MS Config Service	Msloader32.exe	Added by the RBOT-KJ WORM!
X	MS Config v12	mscfg12.exe	Added by the AGOBOT.YP WORM!
U	MS Config v13	lrbz32.exe	Added by the GAOBOT.AOL WORM!
X	MS Config v13	mscfg13.exe	Added by the AGOBOT.YQ WORM!
X	Ms configsu	msconfigsu.exe	Added by a variant of the SDBOT WORM!
X	MS Configuration	MSFramer.exe	Added by the RANDEX.OL WORM!
X	Ms Configuration	microsoftsa32.exe	Added by the KELVIR.X WORM!
X	MS DATABASE	MSDATA32.EXE	Added by a variant of the SDBOT WORM!
X	MS Decryption Software	active.exe	MediaTickets adware variant
X	MS DirectX Sound Drivers	msdrvdx.exe	Added by the RBOT.BCX WORM!
X	MS DLL Library Manager	dllsys64.exe	Added by the RANKY TROJAN!
X	MS Domain Name Server Deamon	MSDNSD32.exe	Added by the RBOT-CMZ WORM!
X	MS Domain Name System	MSWDNS32.exe	Added by the RBOT-GKY WORM!
X	MS DVD DirectX Dll Drivers	mdxdl.exe	Added by the SDBOT-XI WORM!
X	MS DVD DirectX Sound Drivers	msdrvdx.exe	Added by the SDBOT-XJ WORM!
X	MS Explorer	mexplore.exe	Added by the YAHA.AE WORM!
X	MS FIREWALL	msfrewall.exe	Added by the SDBOT-PU WORM!
X	MS FIREWALL	msfirewall.exe	Added by the SDBOT-QH WORM!
X	MS Host	msthost.exe	Added by the CHECKOUT WORM! See here
X	MS Host Manager	ivhost.exe	Added by the RBOT-BJN WORM!
X	MS Hosts	msthosts.exe	Added by a variant of the IRCBOT TROJAN! See here
X	MS HTML	msHtml.exe	Added by the PESTDOOR.31 TROJAN!
X	MS HTML	mslat.exe	Added by the LATINUS.SVR TROJAN!
X	MS HTML Location Class	MSHTML32.exe	Added by the RBOT-YD WORM!
X	MS Internet Executor 32	MSIXEC32.exe	Added by the RBOT-AEQ WORM!
X	MS Internet Explore	MSIEx.exe	Added by a variant of the RBOT WORM!
X	MS Java Applets for Windows NT & XP	javaapplet.exe	Added by the RBOT.BHG WORM!
U	MS Java Applets for Windows NT, ME & XP	javaapplets.exe	Added by the VANEBOT-B WORM!
X	Ms Java for Windows 98, NT, ME & XP	msjavames.exe	Added by the RBOT.BHJ WORM!
X	Ms Java for Windows 98, NT, XP & ME	msjavaxps.exe	Added by the BACKDOOR.GEN TROJAN!
X	Ms Java for Windows NT	MS32.exe	Added by the VANEBOT-H WORM!
X	Ms Java for Windows NT	msi32java.exe	Added by the VANEBOT-I WORM!
X	Ms Java for Windows NT	msjava.exe	Added by the VANEBOT-E WORM!
X	Ms Java for Windows NT	msi32info.exe	Added by the RBOT.AFX WORM!
X	MS Java for Windows NT, XP & ME	xpjavams.exe	Added by the KASSBOT-V WORM!
X	MS Java for Windows XP & NT	javanet.exe	Added by the VANEBOT-A WORM!
U	MS Java Service Wrapper for Windows NT & XP	wrapper.exe	Added by the VANEBOT-D WORM!
X	Ms Java Update For Windows NT/XP	msijavaupdt32.exe	Added by the RANDEX.AF WORM!
X	MS LARISSA	MS_LARISSA.exe	Added by the ASSIRAL.B WORM!
X	MS lsass Startup	lsass135.exe	Added by the RBOT.WM WORM!
?	MS management console	mms.exe	Suspicious as the legitimate "Microsoft Management Console" is "mmc.exe" and not "mms.exe" and doesn't normally run at startup
X	MS Microsoft Socket Deamon	MSSCKD32.exe	Added by a variant of the RBOT WORM!
X	MS MSN Menssenger 7.0	MSMSN7.exe	Added by the RBOT-ACA WORM!
X	MS MSN Menssenger 7.0	MSEXPORT.exe	Added by a variant of the SDBOT WORM!
X	MS Network Control	mswin.exe	Added by the DUMBA TROJAN!
X	ms ownage	winPE.exe	Added by the RBOT-AJL WORM!
X	MS PLUS INC	wpad.exe	Added by the MYTOB-AN WORM!
X	Ms Processe Manager	msproc.exe	Added by the RBOT.ATO WORM!
X	MS Real Player	RealPlyr.exe	Added by the RBOT.MR WORM!
X	MS Registry Service	MSRMS32.exe	Added by the RBOT-AKP WORM!
X	MS Remote Procedure Call	msrpc32.exe	Added by the RBOT-QL WORM!
X	MS Screen Saver	scrsave.scr	Added by the RBOT-AGT WORM!
X	MS Security	systm.pif	Added by the RBOT-AQN WORM!
X	MS Security Authority Service	lsass.exe	Added by the KALEL-B WORM! Note - this is not the legitimate lsass.exe process which is always located in the System (9x/Me) or System32 (NT/2K/XP) folder and should not normally figure in Msconfig/Startup! This file is located in the System folder
X	MS Security Hotfix	service5.exe	Added by the GAOBOT.AG WORM!
X	MS Security Update 993	msident.exe	Added by a variant of the SDBOT WORM!
X	MS service	msservice.exe	Added by the RBOT-ZG WORM!
X	MS Service Drivers	winscv.exe	Added by the SDBOT-COG WORM!
X	Ms sock for Windows NT	winser.exe	Added by a variant of the SDBOT WORM!
X	MS Sound Config 16bit	sndcfg16.exe	Added by the SDBOT.MB TROJAN!
X	Ms Sound Drivers	msdrv.exe	Added by the SDBOT-WR WORM!
X	ms spool service	msspooler.exe	Added by a variant of the RBOT WORM!
X	Ms Spool32	MS SPOOL32.EXE	Added by the ASASSIN TROJAN!
X	MS SyS Restore	sysrestore.exe	Added by the RBOT.XM WORM!
X	MS Sys Security	mswin.pif	Added by the RBOT-APJ WORM!
X	MS System Call Function	msscf32.exe	Added by the RBOT-GBZ WORM!
X	Ms System Config	Mscfg.exe	Added by the SDBOT-CCR WORM!
X	Ms System Config	pcedit.exe	Added by a variant of the SDBOT WORM!
X	MS System Security	mswin32.pif	Added by the RBOT-AOX WORM!
X	Ms task manager	tskmgr.exe	Added by the SDBOT.CCD WORM!
X	MS Task Manager 32	mstskmgr.exe	Added by the RANKY.DE TROJAN!
X	MS taskbar	crssr.exe	Added by the RBOT-AGO WORM!
X	MS taskbar	nts.exe	Added by the RBOT-AGB WORM!
X	MS taskbar	taskbars.exe	Added by the RBOT.BRW WORM!
X	MS Taskbars	taskbars.exe	Added by the SDBOT-ACV WORM!
X	MS taskmanager	tskmgr.exe	Added by the RBOT-AKA WORM!
X	MS Time	timezone.exe	Added by the AGOBOT.ADY WORM!
X	MS UniX	navupdate64.exe	Added by a variant of the RBOT WORM!
X	MS Unix Binary	win32ttb.exe	Added by the SPYBOT.OQ WORM!
X	MS Unix Binary	msmq2inst.exe	Added by the RBOT-YF WORM!
X	MS Unix Binary	msnupdate.exe	Added by the RBOT-AAM WORM!
X	MS Unix Binary	outlookexpressupdate.exe	Added by the RBOT-YU WORM!
X	MS Unix Binary	Win32Update.exe	Added by the RBOT-BAS WORM!
X	MS Unix Binary	Norton2005Update.exe	Added by a variant of the RBOT WORM!
X	MS Unix Binary	trmupdate.exe	Added by the RBOT-ACC WORM!
X	MS Unix Binary	WinGuard.exe	Added by the RBOT-ACL WORM!
X	MS Unix Binary	msnq3insller.exe	Added by a variant of the RBOT WORM!
X	MS Update	syshost.exe	Added by the EVAMAN-F WORM!
X	Ms Update WinServices NT/XP	winservnt32.exe	Added by the VANEBOT-G WORM!
X	MS Updates	mscache.exe	Spyware web downloader
X	MS Updates	syshosts.exe	Added by the MYDOOM.Y WORM!
X	MS Updates	aupd.exe	Spyware web downloader
X	MS Updating Utility	msupdater.exe	Added by the RBOT-XR WORM!
X	MS USB 2.0 Windows Support	msusb32.exe	Added by a variant of the RBOT WORM!
X	Ms Valud Loader	Svhots.exe	Added by the AGOBOT-SP WORM!
X	MS Win32 Network Services	windriver.exe	Added by the AGOBOT.ADH WORM!
X	ms window update	*****.exe [ = random character]	Added by a variant of the RBOT WORM!
X	MS Windows AOL Driver	MSAOLdrv.exe	Added by the RBOT-ASP WORM!
X	MS windows Data list process	MSDATLST.exe	Added by an unidentified WORM or TROJAN!
X	MS Windows Executor Process	MSEXECP32.exe	Added by a variant of the RBOT WORM!
X	MS Windows Local Directory	MSWLD32.exe	Added by a variant of the RBOT WORM!
X	MS Windows procces 32	msprocces.exe	Added by the RBOT-AEZ WORM!
X	MS Windows Process Class	MSPRCSS32.exe	Added by the RBOT-YQ WORM!
X	MS Windows Process Init	MSWPI32.exe	Added by the RBOT-ASQ WORM!
X	MS Windows Security Updater	updater.pif	Added by the RBOT-AKY WORM!
X	MS Windows System Alert	MSWSA32.exe	Added by the RBOT-BFN WORM!
X	MS Windows TASK Service	MSWTASK32.exe	Added by a variant of the RBOT WORM!
X	MS Windows Update	scguard.exe	Added by the RBOT-YZ WORM!
X	MS WINS Binary	ign32.pif	Added by the RBOT-ASB WORM!
X	ms************* [* = random digit]	ms************.exe [ = random digit]	WINBO adware
X	Ms*.exe [ = random char]	Ms*.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	Ms*32.exe [ = random char]	Ms*32.exe [ = random char]	CoolWebSearch/HomeSearch adware - for examples, see this log
X	MS-Connect	arr.exe	Adult content dialler - see here
X	MS-Connect	cdm.exe	Adult content dialler - see here
X	MS-Connect	game.exe	Adult content dialler - see here
X	MS-Connect	msite18.exe	Adult content dialler - see here
X	MS-Connect	web.exe	Adult content dialler - see here
X	MS-DOS Boot Service	Boot32.pif	Added by the RBOT-AMF WORM!
X	MS-DOS Security Service	ms-dos.pif	Added by the RBOT-AMR WORM!
X	MS-DOS Service	MS-DOS.pif	Added by the RBOT-AII WORM!
X	MS-DOS Windows Service	MS-DOS.PIF	Added by the RBOT-AJW WORM!
X	MS-HTML	[random filename]	Added by the LATINUS.15 TROJAN!
X	MS-patch	msconfig32.exe	Added by the RBOT-AUF WORM!
X	MS-patch	mspatch32.exe	Added by the RBOT-AWF TROJAN!
X	MS-RunKey	arr.exe	MS-Connect dialler/hijacker
X	ms2src	ms2src.exe	Added by a TROJAN - see here
X	MS32DLL	achi.dll.vbs	Added by the ACHI-A TROJAN!
X	MS32DLL	Bha.dll.vbs	Added by the BUTSUR-A WORM!
X	MS32DLL	Bha.dll.vbs	Added by the BUTSUR-A WORM!
X	MS32DLL	MS32DLL.dll.vbs	Added by the ZODGILA WORM!
X	MS7531	ms7531.exe	Homepage hijacker
X	MSACM	msacm.exe	Added by the OPASERV-O WORM!
X	msadcheck	msadcheck32.exe	Browser hijacker, redirecting to search-system.com
X	MSAdmin	jdbgmrg.exe	Added by the DASMIN.A TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here
X	MSAgent	mshtm.exe	Browser hijacker - redirecting to buldog-search.com
X	MSAgent	hhnt.exe	Added by the AGENT.JI spyware
X	MSAgentXP	MSAgentXP.exe	Reported by Ewido Security Suite as TrojanDownloader.Reqlook.c
U	msaim	msaolim.exe	MessageSpy keystroke logger/monitoring program - remove unless you installed it yourself!
X	msappts32	msappts32.exe	Added by the ELBURRO-A TROJAN!
X	MsAudio	explorer.exe	Added by the LEGMIR-BY TROJAN! Note - the legitimate Windows Explorer (explorer.exe) is located in the Windows or Winnt folder and would not normally appear in Msconfig/Startup unless you added it manually! This one is located in the System (9x/Me) or System32 (NT/2K/XP) folder
X	MsAudio	MsVM_STI.EXE RunDll32 cmicnfg.cpl, CMICtrlWnd	Added by the LEGMIR-BY TROJAN! Note - this is not associated with C-Media based audio which uses a similar command entry (see here)
X	MSbackups	backups.exe	Added by the BANLOAD-TL TROJAN!
X	MSBB	msbb.exe	Advertising spyware
X	msbcs	msbcs.exe	Added by the DADOBRA-G TROJAN!
X	MsBootMgr.exe	MsBootMgr.exe	Added by the VERIFY TROJAN!
X	msbsc	[path to trojan]	Added by the BANKER-DF TROJAN!
X	msccrt	msccrt.exe	Added by the PWS-ALA TROJAN!
X	mscheck	rundll32.exe wincheck071008.dll mymain	Detected by Trend Micro as the AGENT.ADXH TROJAN! See here. Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "wincheck071008.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	mschkdf.exe	mschkdf.exe	Added by a variant of the SDBOT WORM!
X	MSChoExE	suge.exe	Added by a variant of the RBOT WORM!
?	msci	mcinfo.exe	McAfee Internet Security related. What does it do and is it required?
X	mscman	mscman.exe	ClientMan parasite variant
U	mscn	mscn.exe	Part of the SafeChildNet internet filtering program - required if you use it
X	Mscnt	mscnt.exe	Added by the DLUCA-C TROJAN!
X	Mscolour	mscolour.exe	Added by the GEMA TROJAN!
X	MSCommX	mscommx.exe	Added by a variant of the RBOT WORM!
X	MSCONFG32.EXE	MSCONFG32.EXE	Added by the OPTIX.04.C TROJAN!
N	MSConfig	msconfig.exe	Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
X	MSConfig	MSCONFIG32.EXE	Added by the SPYBOT.B WORM!
X	msconfig	msconfig.exe	CoolWebSearch parasite related. Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
X	Msconfig	msconfig.exe	Added by the WINUR WORM! Note - this is not the real msconfig.exe as it's located in C:winrun
X	msconfig	wins.exe	Added by the RBOT.PF WORM!
X	MSConfig	MSCONFIG35.EXE	Added by a variant of the SPYBOT WORM!
X	msconfig	scvhost.exe	Added by the AGENT-DSF TROJAN!
X	msconfig	winlog.exe	Added by the IRCBOT-TJ TROJAN!
X	Msconfig	icpldrvx.exe	Added by the BANLOAD.BFT TROJAN!
X	msconfig	msconfig.com	Added by the IRCBOT-SM WORM!
X	msconfig	msconfig.bat	Added by the PAHATIA.B WORM!
X	Msconfig lptt01	msconfig.exe	RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name
X	MSConfig Manager	msupdate.exe	CoolWebSearch parasite variant
X	Msconfig ml097e	msconfig.exe	RapidBlaster variant (in a "msconfig" folder in Program Files). Recommended you use RapidBlaster Killer to uninstall - see here. Note - this is not the valid Windows Msconfig which has the same executable name
X	msconfig service	MSupdate32.exe	Added by a variant of the SPYBOT WORM!
X	msconfig.exe	proxy.exe	Added by a variant of the AGENT.AH downloader TROJAN!
X	msconfig.exe	uline.exe	Added by a variant of the AGENT.AH downloader TROJAN!
X	msconfig38	mssvcc.exe	Added by the RBOT-BJV WORM!
X	MSConfig45	MSConfig45.exe	Added by the SDBOT.OJ TROJAN!
X	MSConfigr	jdbgmrg.exe	Added by the DASMIN.C TROJAN! Note - this is not the valid JDBGMGR.EXE file - see here
N	MSConfigReminder	msconfig.exe	Entry that appears when you uncheck an item in the MSConfig Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
X	MsConfigs	MsConfigs.exe	Added by the ALCAN.A WORM!
X	MSConfigs	RUNDLL64.dll.vbs	Added by the WEKODE-B WORM!
X	MSControl28	crsss.exe	Added by the SPYBOT.AJX WORM!
X	MSControl31	winnsyst.exe	Added by the RBOT.CFY WORM!
X	MSControl3d1	isasse.exe	Added by the RBOT.CGU WORM!
X	MSCORE	syscnfg.exe	Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or C:winntfonts) directory where no *.exe files should reside
X	Mscsgs	MSCSGS.EXE	Added by the ZEZER WORM!
X	Mscsgs32	MSCSGS32.EXE	Added by the ZEZER WORM!
X	mscsvc.exe	mscsvc.exe	Added by the BANCOS.T TROJAN!
X	msctrl.exe	msctrl.exe	Detected by Kaspersky as the AGENT.ANQ TROJAN! See here
X	Msctrl32	Msctrl32.scr	Added by the REDIST WORM!
X	MSCVT	MSCVT.exe	Added by the SLIDESHOW WORM!
X	msdbgm.exe	msdbgm.exe	Added by the CIMUZ-CQ TROJAN!
X	MSDcom	MSDcom.exe	Added by a variant of the SDBOT WORM!
X	msdefender.exe	msdefender.exe	Detected by Trend Micro as the PAKES.ZL TROJAN! See here
X	msdev	msdev.exe	Added by the FORBOT-CR WORM!
X	msdev	msconfig.exe	Added by the AGOBOT.AAU WORM! Note - this is not the legitimate msconfig.exe which should only appear in Msconfig/Startup if you leave the warning box unchecked after changing an Msconfig entry and rebooting
X	msdir32	msdir32.bat	Added by the ROOKIE-A TROJAN!
X	msdirect.exe	msdirect.exe	Added by the CERTIF-L TROJAN!
X	MSDLL	syscnfg.exe	Added by an unidentified VIRUS, WORM or TROJAN! "syscnfg.exe" is found in C:windowsfonts (or C:winntfonts) directory where no *.exe files should reside
X	Msdmxm	msdmxm.exe	Added by the DLOAD-DC TROJAN!
X	MSDN	nese.exe	Added by the SDBOT.AHY WORM!
X	MSDN for Windows NT	msdn.exe	Added by a variant of the RBOT WORM!
X	MSDN for Windows NT & WinXP	msdnxp.exe	Added by the IRCBOT-PE WORM!
X	MSDN for Windows with NT's	msdn-nt.exe	Added by the RBOT-EWD WORM!
X	MSDN HELP	msdn.exe	Added by the AGOBOT.AIB WORM!
X	MSDNN	help.exe	Added by the AGENT-GBK TROJAN!
X	MSDOS Security Service	msdos.pif	Added by the RBOT-AMP WORM!
X	MSDOS Service	MSDOS.PIF	Added by the RBOT-AIY WORM!
X	MSDOS Windows Service	MSDOS.PIF	Added by the RBOT-AKF WORM!
X	Msdos32	Msdos32.pif	Added by the RECORY WORM!
X	msdos423	msdos423.exe	Added by the MENACE.A WORM!
N	MSDosdrv	msdosdrv.exe	Added by the BACROS WORM!
X	MSDrive	rundll32.exe drvkoc.dll	Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvkoc.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	MSDrive	rundll32.exe drvmod.dll	Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvmod.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	MSDrive	rundll32.exe drvsoh.dll	Added by a variant of the OP DIALER! Note that rundll32.exe is a legitimate Microsoft file used to launch DLL file types and shouldn't be deleted. The "drvsoh.dll" file is found in the System (9x/Me) or System32 (NT/2K/XP) folder
X	msdrvctrl	msdrvctrl.exe	Detected by Kaspersky as the AGENT.BN TROJAN! See here
N	MSDTC	msdtc.exe	MS Distributed Transaction Coordinator - handles transactions across multiple servers and is installed by MS Personal Web Server and MS SQL Server
X	Msemu32	Msemu32.exe	Unidentified spyware/adware/hijacker
X	msennger	l4m3r.exe	Added by the PROGENT-AF TROJAN!
X	mservices.exe	mservices.exe	Added by the SDBOT.WJ WORM!
X	Msfind	Msfind.exe	CoolWebSearch parasite variant
X	MSFind32	msfind32.exe	Added by the CAYAM WORM!
X	msfindosa.exe	msfindosa.exe	Added by the DOWNLOADER-BS TROJAN!
X	MSFTP Service Config	r3grun.exe	Added by a variant of the SDBOT WORM!
X	msfw.exe	msfw.exe	Detected by Kaspersky as the AGENT.ANQ TROJAN! See here
X	MSFWAVTSM	FTPDev.exe	Added by the RBOT-ACF WORM!
X	Msg Fixage	msgfixed.exe	Added by the SDBOT.ZD WORM!
X	MsgApi	[path to file]	Added by the DEDLER-D TROJAN!
X	msgb1	msgb1.exe	Added by the DLUCA.GEN TROJAN!
N	MsgCenterExe	RealOneMessageCenter.exe	RealNetworks RealPlayer related - disabling this application will not affect Real Player in any way
X	msgex32	msgex32.exe	Added by the APPFLET-A WORM!
X	Msgmgr	[path to worm]	Added by the BABYBEAR WORM!
X	msgserv_	Syss.exe	Added by the FANTA TROJAN!
X	msgsm32	msgsm32.exe	Added by the RBOT-ASG WORM!
X	Msgsrv16	Msgsrv16.exe	Added by the DELF family of TROJANS!
Y	MSGSRV32.exe	msgsrv32.exe	Windows 32-bit VxD Message Server. For more information on its function and why it's needed, see here. Note - why some people have it listed in start-up programs I don't know but I was asked to include it here. It automatically runs in the background
X	Msgsvc32	[worm filename]	Added by the NAUTICAL-A WORM!
X	MsgSvcMgr32	cmdzxdll.exe	Added by the RBOT-AEK WORM!
X	msgsvr32	msgsvr32.exe	Added by the DEADHAT.B WORM! Note - not to be confused with the valid "msgsrv32.exe" file which resides in the same directory (C:WindowsSystem) on a Win9x/Me machine
U	MSGTAG	MSGTAG.exe	MSGTAG is an application that tells you when your emails have been received and opened
X	Msgtray	sys16.exe	Added by an unknown VIRUS!
X	Mshelp32	mshelp32.exe	CoolWebSearch parasite variant
X	MSHT@	MSHT@.EXE	Added by the MAGISTR.A VIRUS!
X	mshtmll	mshtmll.dll	Added by the DELF.BAS TROJAN!
X	MSI Configuration	msiconf.exe	Added by the AGENT.AKSZ TROJAN!
X	msiconf.exe	msiconf.exe	Added by a variant of the FAKEALERT TROJAN!
X	msident	msident.exe	Unidentified adware or trojan
X	msidle	msidle.exe	Added by the OPASERV-O WORM!
X	MsIdle32.exe	MsIdle32.exe	Added by the VERIFY TROJAN!
X	MSIdll	winmp.exe	Added by a variant of the RBOT WORM!
X	MSIE Parsers	MSIE32ab.exe	Added by the SDBOT.MV WORM!
X	msiemon.exe	msiemon.exe	Detected by Kaspersky as the AGENT.ANQ TROJAN! See here
X	msiew	mseiw.exe	Added by the LITTLOG TROJAN!
X	MSIEXEC	MSIEXEC32.exe	Added by the AINESEY.A WORM!
X	MSIEXEC	MSIEXEC.EXE	Added by the YOSENIO-A VIRUS!
X	msiexecs.exe	msiexecs.exe	Added by a variant of the SDBOT WORM!
X	msig	disk10.exe	Added by the BANBRA-KF TROJAN!
X	MsIMMs32	MsIMMs32.exe	ONLINEG.GDJ spyware
X	msimn	msimn.exe	Added by the AGOBOT.JL WORM!
X	MSIMN32	MSIMN32.EXE	Added by the CWS-M TROJAN!
?	MSIN	MSin.exe	??
X	Msinet	Msinet.exe	Added by the RBOT-AOA WORM!
X	MSInfo	msinfo.exe	Added by the ALADINZ.M TROJAN!
X	MSInfo	AVBgle.exe	Added by the NETSKY.O WORM!
X	MSInstall	smvss.exe	Added by the DEDLER-G TROJAN!
X	msjava service	xpcd.exe	Added by the SDBOT.VM WORM!
U	MSKAGENTEXE	MskAgent.exe